From 67226487c0e461f7095cf5d457488353382cfde5 Mon Sep 17 00:00:00 2001
From: Prateek Shourya
Date: Thu, 8 Jan 2026 19:07:37 +0530
Subject: [PATCH 1/2] [VPAT-50] chore(security): add X-Frame-Options header to nginx configuration to prevent clickjacking attacks
---
 apps/admin/nginx/nginx.conf | 3 +++
 apps/web/nginx/nginx.conf | 3 +++
 2 files changed, 6 insertions(+)
diff --git a/apps/admin/nginx/nginx.conf b/apps/admin/nginx/nginx.conf
index 243aebff54d..01724cea310 100644
--- a/apps/admin/nginx/nginx.conf
+++ b/apps/admin/nginx/nginx.conf
@@ -20,6 +20,9 @@ http {
 server {
 listen 3000;
+ # Prevent clickjacking attacks
+ add_header X-Frame-Options "DENY" always;
+
 location / {
 root /usr/share/nginx/html;
 index index.html index.htm;
diff --git a/apps/web/nginx/nginx.conf b/apps/web/nginx/nginx.conf
index 160fcb9be96..4b6639a520e 100644
--- a/apps/web/nginx/nginx.conf
+++ b/apps/web/nginx/nginx.conf
@@ -20,6 +20,9 @@ http {
 server {
 listen 3000;
+ # Prevent clickjacking attacks
+ add_header X-Frame-Options "DENY" always;
+
 location / {
 root /usr/share/nginx/html;
 index index.html index.htm;
From 64e9577e87434fd99fd1491eca280f5300f9ea21 Mon Sep 17 00:00:00 2001
From: Prateek Shourya
Date: Thu, 8 Jan 2026 21:15:09 +0530
Subject: [PATCH 2/2] [SECURITY] chore: enhance nginx configuration with additional security headers
---
 apps/admin/nginx/nginx.conf | 5 ++++-
 apps/web/nginx/nginx.conf | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/apps/admin/nginx/nginx.conf b/apps/admin/nginx/nginx.conf
index 01724cea310..0fd4a192ae2 100644
--- a/apps/admin/nginx/nginx.conf
+++ b/apps/admin/nginx/nginx.conf
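Review bot: The new `add_header X-Frame-Options "DENY" always;` at `server` level is only inherited by `location` blocks that declare no `add_header` of their own, so the protection silently disappears from any location in this file that later adds even one unrelated header; the visible `location /` has none, but the enclosing `server` block begins and ends outside the hunk and other locations are not shown. The identical hunk in apps/web/nginx/nginx.conf has the same property. X-Frame-Options is the legacy mechanism; supporting browsers give precedence to a Content-Security-Policy `frame-ancestors` directive, so pairing it with `add_header Content-Security-Policy "frame-ancestors 'none'" always;` and extending the comment to `# Prevent clickjacking: X-Frame-Options for legacy browsers, CSP frame-ancestors for current ones` would make the intent and coverage explicit.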
@@ -20,8 +20,11 @@ http {
 server {
 listen 3000;
- # Prevent clickjacking attacks
+ # Security headers
 add_header X-Frame-Options "DENY" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header X-XSS-Protection "1; mode=block" always;
 location / {
 root /usr/share/nginx/html;
diff --git a/apps/web/nginx/nginx.conf b/apps/web/nginx/nginx.conf
index 4b6639a520e..34e07ba4beb 100644
--- a/apps/web/nginx/nginx.conf
+++ b/apps/web/nginx/nginx.conf
@@ -20,8 +20,11 @@ http {
 server {
 listen 3000;
- # Prevent clickjacking attacks
+ # Security headers
 add_header X-Frame-Options "DENY" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header X-XSS-Protection "1; mode=block" always;
 location / {
 root /usr/share/nginx/html;
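Review bot: `add_header X-XSS-Protection "1; mode=block" always;` turns on a filter that current browsers have removed and that, in the older engines still implementing it, was itself a source of information-leak weaknesses; current OWASP and MDN guidance is to disable it, so the line should become `add_header X-XSS-Protection "0" always;` or be dropped in favour of a Content-Security-Policy. The Strict-Transport-Security header on the line above is only honoured when the response arrives over HTTPS, yet this `server` block listens on plain `listen 3000;`, so it presumably depends on a TLS-terminating proxy in front forwarding the header unchanged — that assumption, and the fact that `includeSubDomains` commits every subdomain to HTTPS for a year, deserve a comment such as `# HSTS is only effective behind the TLS terminator; includeSubDomains binds all subdomains` above the block. The same hunk is repeated for apps/web/nginx/nginx.conf, and the enclosing `server` block continues outside the hunk.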