diff --git a/.vscode/intershop.txt b/.vscode/intershop.txt
index 4981344bda..a7b9c176a2 100644
--- a/.vscode/intershop.txt
+++ b/.vscode/intershop.txt
@@ -79,6 +79,7 @@ keyvalue
 kubernetes
 lessthan
 logformat
+loglevel
 maxlength
 mergeable
 minibasket
diff --git a/docker-compose.yml b/docker-compose.yml
index dacd04274d..b905adbcdb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -109,6 +109,9 @@ services:
 - baseHref: /b2c
 channel: default
 theme: b2c
+ # ADDITIONAL_HEADERS: |
+ # headers:
+ # - X-Frame-Options: 'SAMEORIGIN'
 # Logging to an External Device (see logging.md)
 # volumes:
diff --git a/docs/guides/nginx-startup.md b/docs/guides/nginx-startup.md
index ef5724060b..585c79b1e4 100644
--- a/docs/guides/nginx-startup.md
+++ b/docs/guides/nginx-startup.md
@@ -136,6 +136,26 @@ Alternatively, the source can be supplied by setting `OVERRIDE_IDENTITY_PROVIDER
 If no environment variable is set, this feature is disabled.
+### Add additional headers
+
+For some security or functional reasons it is necessary to add additional headers to page responses.
+To make such headers configurable, the environment variable `ADDITIONAL_HEADERS` is introduced.
+
+```yaml
+nginx:
+ environment:
+ ADDITIONAL_HEADERS: |
+ headers:
+ - header-a: 'value-a'
+ - header-b: 'value-b'
+```
+
+Alternatively, the source can be supplied by setting `ADDITIONAL_HEADERS_SOURCE` in any [supported format by gomplate](https://docs.gomplate.ca/datasources/).
+
+For every entry nginx will add this header to every possible response.
+
+To make the additional headers available during build-time, the value for the environment variable `ADDITIONAL_HEADERS` can be put into the [additional-headers.yaml](../../nginx/additional-headers.yaml) file.
+
 ### Other
 Built-in features can be enabled and disabled:
diff --git a/nginx/additional-headers.yaml b/nginx/additional-headers.yaml
new file mode 100644
index 0000000000..52a4e3dc42
--- /dev/null
+++ b/nginx/additional-headers.yaml
@@ -0,0 +1 @@
+headers:
diff --git a/nginx/docker-entrypoint.d/40-gomplate.sh b/nginx/docker-entrypoint.d/40-gomplate.sh
index fa3c71461d..22078a3da5 100755
--- a/nginx/docker-entrypoint.d/40-gomplate.sh
+++ b/nginx/docker-entrypoint.d/40-gomplate.sh
@@ -29,4 +29,14 @@ then
 fi
 fi
-/gomplate -d "domains=$MULTI_CHANNEL_SOURCE" -d "overrideIdentityProviders=$OVERRIDE_IDENTITY_PROVIDERS_SOURCE" -d "cachingIgnoreParams=$CACHING_IGNORE_PARAMS_SOURCE" -d 'ipwhitelist=env:///BASIC_AUTH_IP_WHITELIST?type=application/yaml' --input-dir="/etc/nginx/templates" --output-map='/etc/nginx/conf.d/{{ .in | strings.ReplaceAll ".conf.tmpl" ".conf" }}'
+if [ -z "$ADDITIONAL_HEADERS_SOURCE" ]
+then
+ if [ -z "$ADDITIONAL_HEADERS" ]
+ then
+ ADDITIONAL_HEADERS_SOURCE="./additional-headers.yaml"
+ else
+ ADDITIONAL_HEADERS_SOURCE="env:///ADDITIONAL_HEADERS?type=application/yaml"
+ fi
+fi
+
+/gomplate -d "domains=$MULTI_CHANNEL_SOURCE" -d "overrideIdentityProviders=$OVERRIDE_IDENTITY_PROVIDERS_SOURCE" -d "cachingIgnoreParams=$CACHING_IGNORE_PARAMS_SOURCE" -d "additionalHeaders=$ADDITIONAL_HEADERS_SOURCE" -d 'ipwhitelist=env:///BASIC_AUTH_IP_WHITELIST?type=application/yaml' --input-dir="/etc/nginx/templates" --output-map='/etc/nginx/conf.d/{{ .in | strings.ReplaceAll ".conf.tmpl" ".conf" }}'
diff --git a/nginx/templates/add-header.conf.tmpl b/nginx/templates/add-header.conf.tmpl
new file mode 100644
index 0000000000..b95c16d485
--- /dev/null
+++ b/nginx/templates/add-header.conf.tmpl
@@ -0,0 +1,7 @@
+{{ $headers := (datasource "additionalHeaders").headers -}}
+
+{{- range $headers }}
+ {{- range $key, $val := (.) }}
+ add_header {{ $key }} "{{ $val }}";
+ {{- end}}
+{{- end }}
diff --git a/nginx/templates/multi-channel.conf.tmpl b/nginx/templates/multi-channel.conf.tmpl
index f9afb23304..5fe77f1edb 100644
--- a/nginx/templates/multi-channel.conf.tmpl
+++ b/nginx/templates/multi-channel.conf.tmpl
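Review bot: The fallback `ADDITIONAL_HEADERS_SOURCE="./additional-headers.yaml"` is a relative path, so gomplate resolves it against whatever working directory the entrypoint runs in; if that is not the directory the file is copied to, template rendering fails at container start. The earlier defaults in this script lie outside the hunk, so this may simply mirror them, but an absolute path would remove the dependency on the working directory. A one-line comment above the block would also make the precedence explicit: `# ADDITIONAL_HEADERS_SOURCE wins over ADDITIONAL_HEADERS; with neither set, the baked-in additional-headers.yaml is used`.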
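Review bot: The rendered directive `add_header {{ $key }} "{{ $val }}";` omits the `always` parameter, so nginx attaches these headers only to a fixed set of 2xx/3xx status codes and a security header such as the X-Frame-Options example is missing from 4xx/5xx error responses; `add_header {{ $key }} "{{ $val }}" always;` would match the documented "every possible response". Key and value are also written into the config unescaped, so a value containing `"`, `;` or `$` changes how the directive parses (a `$` is read as an nginx variable reference). Because the datasource can be any gomplate source, including a remote one, it is worth either stating in the docs that it is trusted configuration or rejecting such characters before rendering.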
@@ -161,6 +161,7 @@ server {
 {{ if (has $mapping "channel") }}
 location / {
 {{- tmpl.Exec "LOCATION_TEMPLATE" $mapping }}
+ include /etc/nginx/conf.d/add-header.conf;
 }
 location ^~ /sitemap_ {
 {{- tmpl.Exec "LOCATION_TEMPLATE_FOR_SITEMAP" $mapping }}
@@ -169,6 +170,7 @@ server {
 {{ range $mapping }}
 location {{ .baseHref }} {
 {{- tmpl.Exec "LOCATION_TEMPLATE" . }}
+ include /etc/nginx/conf.d/add-header.conf;
 }
 location ^~ {{ .baseHref }}{{if not ( .baseHref | strings.HasSuffix "/")}}/{{end}}sitemap_ {
 {{- tmpl.Exec "LOCATION_TEMPLATE_FOR_SITEMAP" . }}
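Review bot: The `include /etc/nginx/conf.d/add-header.conf;` line is added only to the `location /` and `location {{ .baseHref }}` blocks, while the neighbouring `location ^~ …sitemap_` blocks in both hunks get nothing, which does not match the documented "every possible response". nginx inherits `add_header` from an outer level only when the current level defines none, so whether the sitemap locations carry the headers depends on LOCATION_TEMPLATE_FOR_SITEMAP and the rest of the server block, both outside these hunks. If those templates set any `add_header` of their own, the same include line is needed there too. A short comment next to the include, e.g. `# re-include: add_header here would otherwise drop inherited headers`, would record why it sits inside the location.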