diff --git a/templates/etc/nginx/sites-available/_base.j2 b/templates/etc/nginx/sites-available/_base.j2
index 66cf8ce..1bb8aca 100644
--- a/templates/etc/nginx/sites-available/_base.j2
+++ b/templates/etc/nginx/sites-available/_base.j2
@@ -5,7 +5,7 @@
 {% set __http_proxy_protocol_port = item.http_proxy_protocol_port | default([]) %}
 {% set __https_proxy_protocol_port = item.https_proxy_protocol_port | default([]) %}
 {% set __location = item.location | default({}) %}
-{% set __headers = item.headers | default({'X-Frame-Options': 'DENY always', 'X-Content-Type-Options': 'nosniff always', 'X-XSS-Protection': '1; mode=block' }) %}
+{% set __headers = item.headers | default(nginx_servers_default_headers) %}
 {% set __ssl_name = item.ssl_name | default(item.name if item.name is string else item.name[0]) %}
 {% set __location_order = item.location_order | default(__location.keys()) %}
 {% macro htpasswd(htpasswd_name, indent=1) -%}
diff --git a/vars/main.yml b/vars/main.yml
index c4d0d7e..a8587d3 100644
--- a/vars/main.yml
+++ b/vars/main.yml
@@ -39,5 +39,10 @@ nginx_templates_no_dir:
   - '_owncloud'
   - '_proxy'
 
+nginx_servers_default_headers:
+  'X-Frame-Options': 'DENY always'
+  'X-Content-Type-Options': 'nosniff always'
+  'X-XSS-Protection': '1; mode=block'
+
 nginx_upstream_php56: 'php56'
 nginx_upstream_php70: 'php70'