add nginx role

roles/nginx/templates/conf/ssl-headers.conf.j2

@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+
+# Strict Transport Security (HSTS), Tell browsers to use only https (adding includeSubDomains would also force subdomains to use HSTS)
+add_header Strict-Transport-Security "max-age=15552000; preload" always;
+
+# Expect Certificate Transparency and -Stapling, Security measures for checking HTTPS-certificate validity/revocation
+add_header Expect-CT 'enforce; max-age=86400;' always;
+add_header Expect-Staple 'max-age=86400; preload' always;
+add_header Referrer-Policy "no-referrer-when-downgrade" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Xss-Protection "1; mode=block" always;
+add_header X-Frame-Options "SAMEORIGIN" always;