diff --git a/states/nginx/config.sls b/states/nginx/config.sls
index 1fe0273..f2d93c1 100644
--- a/states/nginx/config.sls
+++ b/states/nginx/config.sls
@@ -56,6 +56,7 @@ nginx-sites-available-{{ key }}:
       internal_access: {{ vhost.internal_access|default(false) }}
       auth: {{ vhost.auth|default(false) }}
       dirs: {{ vhost.dirs|default([]) }}
+      headers: {{ vhost.headers|default({}) }}
       php_socket_file: {{ nginx.config.php_socket_file }}
 
 nginx-site-enabled-{{ key }}:
diff --git a/states/nginx/templates/types/simple.j2 b/states/nginx/templates/types/simple.j2
index d24a67e..f515922 100644
--- a/states/nginx/templates/types/simple.j2
+++ b/states/nginx/templates/types/simple.j2
@@ -33,6 +33,9 @@ server {
     auth_basic "Restricted area";
     auth_basic_user_file {{ config_dir }}/auth/htpasswd;
     {%- endif %}
+    {%- for key,value in headers.items() %}
+    add_header            {{ key }} {{ value }};
+    {% endfor -%}
   }
 
   {%- for dir in dirs %}
diff --git a/states/nginx/templates/types/vaultwarden.j2 b/states/nginx/templates/types/vaultwarden.j2
new file mode 100644
index 0000000..d24a67e
--- /dev/null
+++ b/states/nginx/templates/types/vaultwarden.j2
@@ -0,0 +1,47 @@
+## {{ salt['pillar.get']('salt_managed', default='Salt Managed') }}
+
+server {
+  include                 http;
+  server_name             {{ vhost_name }};
+  return                  301 https://$server_name$request_uri;
+}
+
+server {
+  include                 https;
+  {%- if internal_access %}
+  include                 access;
+  {%- endif %}
+  server_name             {{ vhost_name }};
+  {%- if not proxy %}
+  root                    "{{ root_dir }}";
+  {%- endif %}
+  location / {
+    {%- if proxy %}
+    proxy_pass            {{ proxy_pass }};
+    {%- if not cache %}
+    proxy_no_cache        1;
+    proxy_cache_bypass    1;
+    {%- endif %}
+    {%- endif %}
+    {%- if autoindex %}
+    autoindex             on;
+    autoindex_localtime   on;
+    {%- else %}
+    index                 index.html index.rss;
+    {% endif %}
+    {%- if auth %}
+    auth_basic "Restricted area";
+    auth_basic_user_file {{ config_dir }}/auth/htpasswd;
+    {%- endif %}
+  }
+
+  {%- for dir in dirs %}
+  location {{ dir.name }} {
+    alias                 {{ dir.alias }};
+  }
+  {%- endfor %}
+
+  location /robots.txt {
+    return 200 "User-agent: *\r\nDisallow: /";
+  }
+}