I ran one of these website inspection services on my website and it was deemed to be subject to Clickjacking. This might be a false positive since I don't use frames, but the info on this link was enough to make the error go away. I chose "DENY" since I don't use frames.
https://geekflare.com/add-x-frame-options-nginx/
The inspection was from tinfoilsecurity.com. If you are blocking AWS (and you should be from Web ports ), you will have to make an exception for their IP.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx