diff --git a/roles/nginx/application/templates/global.conf b/roles/nginx/application/templates/global.conf
index 57251bf..cb42e55 100644
--- a/roles/nginx/application/templates/global.conf
+++ b/roles/nginx/application/templates/global.conf
@@ -6,4 +6,8 @@ location = /robots.txt {
     access_log off;
 }
 
+add_header X-Content-Type-Options nosniff;
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-XSS-Protection "1; mode=block";
+
 include {{ nginx_snippets_directory }}/resolver.conf;
diff --git a/roles/server/nextcloud/meta/main.yml b/roles/server/nextcloud/meta/main.yml
index b4b25a6..396eddd 100644
--- a/roles/server/nextcloud/meta/main.yml
+++ b/roles/server/nextcloud/meta/main.yml
@@ -20,8 +20,6 @@ dependencies:
     memory_limit: 1G
   - role: nginx/server
     directives: |
-      add_header X-Content-Type-Options nosniff;
-      add_header X-XSS-Protection "1; mode=block";
       add_header X-Robots-Tag none;
       add_header X-Download-Options noopen;
       add_header X-Permitted-Cross-Domain-Policies none;