fix: fix for clickjacking that mirrors namada.net (#2297)

Author: neocybereth

docker/namadillo/nginx.conf

@@ -1,12 +1,23 @@
 server {
-    listen       80;
-    server_name  localhost;
-    location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-        try_files $uri $uri/ $uri.html /index.html;
-        add_header Cross-Origin-Embedder-Policy "credentialless";
-        add_header Cross-Origin-Opener-Policy "same-origin";
-    }
-    gzip off;
+  listen 80;
+  server_name localhost;
+
+  location / {
+    root /usr/share/nginx/html;
+    index index.html index.htm;
+    try_files $uri $uri/ $uri.html /index.html;
+    add_header Cross-Origin-Embedder-Policy "credentialless" always;
+    add_header Cross-Origin-Opener-Policy "same-origin" always;
+    add_header Cross-Origin-Resource-Policy "same-origin" always;
+    add_header Expect-CT "max-age=0" always;
+    add_header Permissions-Policy "camera=(), microphone=(), geolocation=(), usb=(), payment=()" always;
+    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; # only effective over HTTPS
+    add_header X-Frame-Options "DENY" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-XSS-Protection "0" always;
+  }
+
+
+
+  gzip off;
 }