nginx/application: Added security relevant HTTP headers to global config

Duplicates removed from server/nextcloud

roles/nginx/application/templates/global.conf

@@ -6,4 +6,8 @@ location = /robots.txt {
     access_log off;
 }
 
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-XSS-Protection "1; mode=block";
+
 include {{ nginx_snippets_directory }}/resolver.conf;

roles/server/nextcloud/meta/main.yml

@@ -20,8 +20,6 @@ dependencies:
     memory_limit: 1G
   - role: nginx/server
     directives: |
-      add_header X-Content-Type-Options nosniff;
-      add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;