diff --git a/apps/admin/nginx/nginx.conf b/apps/admin/nginx/nginx.conf
index 243aebff54d..0fd4a192ae2 100644
--- a/apps/admin/nginx/nginx.conf
+++ b/apps/admin/nginx/nginx.conf
@@ -20,6 +20,12 @@ http {
 server {
 listen 3000;
 
+ # Security headers
+ add_header X-Frame-Options "DENY" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
 location / {
 root /usr/share/nginx/html;
 index index.html index.htm;
diff --git a/apps/web/nginx/nginx.conf b/apps/web/nginx/nginx.conf
index 160fcb9be96..34e07ba4beb 100644
--- a/apps/web/nginx/nginx.conf
+++ b/apps/web/nginx/nginx.conf
@@ -20,6 +20,12 @@ http {
 server {
 listen 3000;
 
+ # Security headers
+ add_header X-Frame-Options "DENY" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ add_header X-XSS-Protection "1; mode=block" always;
+
 location / {
 root /usr/share/nginx/html;
 index index.html index.htm;
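Review bot: The added `X-XSS-Protection "1; mode=block"` line turns on a legacy browser filter that current browsers no longer implement and that OWASP's header guidance recommends disabling; prefer `add_header X-XSS-Protection "0" always;`, or drop the line and add a `Content-Security-Policy` (its `frame-ancestors 'none'` would also back up X-Frame-Options). Separately, nginx passes server-level `add_header` directives down to a `location` only when that location declares no `add_header` of its own. The `location /` body continues outside the hunk, so confirm that no location sets its own headers, otherwise all four are silently dropped there. The `Strict-Transport-Security` header is served from a plain `listen 3000;`, so browsers honour it only if TLS is terminated in front of this server, and `includeSubDomains` then forces every subdomain of the served host onto HTTPS for a year; a comment such as `# HSTS: only honoured over HTTPS; includeSubDomains covers all subdomains of the served host` would make that deployment assumption explicit. All of this applies equally to the identical hunk in apps/web/nginx/nginx.conf.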