diff --git a/conf.d/securityHeaders.conf b/conf.d/securityHeaders.conf
new file mode 100644
index 0000000..9dd36ee
--- /dev/null
+++ b/conf.d/securityHeaders.conf
@@ -0,0 +1,11 @@
+#######
+### NGINX configuration - add security related headers
+### (HTTPS specific headers are added in HTTPS configuration)
+#######
+
+add_header X-Robots-Tag none;
+add_header X-Download-Options noopen;
+add_header X-Permitted-Cross-Domain-Policies none;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-XSS-Protection "1; mode=block" always;
+add_header Referrer-Policy "same-origin" always;
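Review bot: The first three `add_header` lines (X-Robots-Tag, X-Download-Options, X-Permitted-Cross-Domain-Policies) omit `always`, so nginx emits them only on its success and redirect status codes and error responses go out without them, unlike the three headers below; for consistency write e.g. `add_header X-Robots-Tag none always;`. Separately, nginx inherits `add_header` from an outer level only when the current level defines none of its own, so if this file is included at `http` level and the HTTPS configuration mentioned in the header comment adds headers inside a `server` or `location` block, every header set here is silently dropped there. Where the file is included is not visible in this diff, so that should be confirmed; including it inside each block that sets its own headers avoids the problem. A comment in the file such as `### NOTE: add_header is not merged across levels; include this file in every block that defines its own add_header` would document this for the next maintainer.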