Ensure the X-Frame-Options header has a single string argument

setup/start/nginx/appconfig.ejs

@@ -25,7 +25,7 @@ server {
     add_header Strict-Transport-Security "max-age=15768000; includeSubDomains";
 
     # https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
-    add_header X-Frame-Options <%= xFrameOptions %>;
+    add_header X-Frame-Options "<%= xFrameOptions %>";
 
     proxy_http_version 1.1;
     proxy_intercept_errors on;