How I can add additional security headers?
P.S. - I cannot use $HOMEDIR/$user/conf/web/$domain/nginx.hsts_custom.conf as it break the site.
# BEGIN Security Headers
server {
# Basic Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
add_header Content-Security-Policy "upgrade-insecure-requests"
add_header X-Frame-Options "SAMEORIGIN"
add_header X-Content-Type-Options "nosniff"
add_header Referrer-Policy "strict-origin-when-cross-origin"
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), interest-cohort=(), serial=(), sync-script=(), trust-token-redemption=(), window-placement=(), vertical-scroll=()"
}
# END Security Headers