diff --git a/UPGRADE.md b/UPGRADE.md
index d39279e..ebadb24 100644
--- a/UPGRADE.md
+++ b/UPGRADE.md
@@ -10,6 +10,10 @@
 2. Run `composer update shopsys/deployment`
 3. Check files in mentioned pull requests and if you have any of them extended in your project, apply changes manually
 
+## Upgrade from v2.1.2 to v2.1.3
+
+- added security headers for more safety ([#10](https://github.com/shopsys/deployment/pull/10))
+
 ## Upgrade from v2.1.1 to v2.1.2
 
 - update your `deploy-project.sh` to properly deploy consumer manifests ([#9](https://github.com/shopsys/deployment/pull/9/files))
diff --git a/kubernetes/configmap/nginx.yaml b/kubernetes/configmap/nginx.yaml
index 5f74054..889115a 100644
--- a/kubernetes/configmap/nginx.yaml
+++ b/kubernetes/configmap/nginx.yaml
@@ -79,6 +79,8 @@ data:
             add_header Access-Control-Allow-Origin "*" always;
             add_header Access-Control-Allow-Credentials "false" always;
             add_header VSHCDN-WEBP-QUALITY 90;
+            add_header X-Frame-Options "SAMEORIGIN";
+            add_header X-Content-Type-Options "nosniff";
 
             set $request_host $http_host;
             if ($http_originalhost) {