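# Hide the nginx version in the Server header and on built-in error pages.
# This only removes the version number from banners; it is not a substitute
# for keeping nginx patched.
server_tokens off;

# Cap request buffer sizes so that oversized requests are rejected early and
# per-connection memory use stays bounded. These are resource limits; they do
# not by themselves fix memory-corruption bugs in nginx or in upstream apps.
#
# The 1k values are very strict:
#   - a request body over client_max_body_size is rejected with 413, which
#     blocks file uploads and most non-trivial form or JSON POSTs;
#   - a request line that does not fit in one large header buffer gets 414,
#     and a single header field that does not fit gets 400, which can affect
#     long URLs, large cookies and bearer tokens.
# Test against real traffic and raise the limits per server/location where
# the application needs it, rather than loosening them globally.
client_body_buffer_size 1k;
client_header_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 4 1k;

# Clickjacking defence: only allow this site to be framed by pages of the
# same origin. "always" (nginx 1.7.5+) sends the header on error responses
# too; without it, 4xx/5xx pages go out unprotected.
# Newer browsers prefer the CSP directive frame-ancestors 'self'; consider
# sending it alongside this header.
# Caveat: add_header directives are inherited from the enclosing level only if
# the current level defines none of its own, so any server/location block that
# has its own add_header must repeat these lines.
add_header X-Frame-Options "SAMEORIGIN" always;

# Legacy reflected-XSS filter header. Current browsers have removed the
# filter and ignore this header, so it only affects old clients. Do not rely
# on it: output encoding and a Content-Security-Policy are the real controls.
add_header X-XSS-Protection "1; mode=block" always;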