diff --git a/build/common/nginx-default.conf.template b/build/common/nginx-default.conf.template
index b9fc161a..f19ccee2 100644
--- a/build/common/nginx-default.conf.template
+++ b/build/common/nginx-default.conf.template
@@ -11,6 +11,11 @@ server {
 server_name $http_host;
 root /var/www/html;
+ add_header X-Frame-Options "SAMEORIGIN";
+ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+
 location /assets {
 try_files $uri =404;
 }
@@ -32,6 +37,15 @@ server {
 }
 location / {
+ rewrite ^(.+)/$ $1 permanent;
+ rewrite ^(.+)/index\.html$ $1 permanent;
+ rewrite ^(.+)\.html$ $1 permanent;
+
+ location ~ ^/files/.*.(htm|html|svg|xml) {
+ add_header Content-disposition "attachment";
+ try_files /sites/$http_host/public/$uri @webserver;
+ }
+
 try_files /sites/$http_host/public/$uri @webserver;
 }
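Review bot: None of the four `add_header` lines in the server block carries the `always` parameter, so nginx attaches them only to the success and redirect status codes it treats as eligible and leaves them off error pages such as 404 or 500; `add_header X-Content-Type-Options nosniff always;` (and likewise for the other three) covers those responses. The HSTS value with `includeSubDomains; preload` and a two-year max-age applies to every host this template serves and is hard to withdraw once browsers have cached it, so it is worth confirming that each hosted domain and its subdomains are HTTPS-only; whether this server block listens on TLS is not visible in the hunk. `X-XSS-Protection "1; mode=block"` targets a filter that current browsers have removed, so a Content-Security-Policy would be the lasting control. The server block starts and ends outside the hunk.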
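Review bot: The `add_header Content-disposition "attachment";` inside the new `/files/` location switches off inheritance of the four server-level `add_header` lines from the first hunk, because nginx inherits `add_header` only into levels that declare none of their own; responses for uploaded html/svg/xml files therefore go out without `X-Content-Type-Options` and the other headers. Repeating the headers in this location (or moving them into a shared include) restores them. The location pattern is case-sensitive, has an unescaped dot before the extension group and no end anchor, so a differently cased extension does not reach this block at all; `~*` with `\.` and `$` closes that. When `try_files` falls through to `@webserver`, the response is produced under that named location's configuration, which is outside this hunk, so the attachment header presumably has to be set there as well.

```nginx
location ~* ^/files/.*\.(html?|svg|xml)$ {
    add_header Content-Disposition "attachment" always;
    # A location with its own add_header inherits none from the server block,
    # so the security headers are repeated here.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Content-Type-Options nosniff always;
    add_header X-XSS-Protection "1; mode=block" always;
    # … unchanged: try_files to @webserver …
}
```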