diff --git a/frontend/nginx.conf b/frontend/nginx.conf
index fc31a94..b77f6da 100644
--- a/frontend/nginx.conf
+++ b/frontend/nginx.conf
@@ -5,7 +5,11 @@ upstream web {
 server {
   listen 80;
 
+<<<<<<< header-content-type
+  add_header X-Content-Type-Options "nosniff" always;
+=======
   add_header Content-Security-Policy "frame-ancestors 'none'" always;
+>>>>>>> main
 
   location ~ ^/api(/?)(.*) {
     proxy_pass http://web/$2$is_args$args;
diff --git a/widget/nginx.conf b/widget/nginx.conf
index e4d04fb..e408659 100644
--- a/widget/nginx.conf
+++ b/widget/nginx.conf
@@ -3,6 +3,7 @@ server {
 
   listen 80;
 
+  add_header X-Content-Type-Options "nosniff" always;
   set $FRAME_ANCESTORS "frame-ancestors ${FRAME_ANCESTORS}";
   add_header Content-Security-Policy "${FRAME_ANCESTORS}" always;