diff --git a/k8s/nginx-http/container/Dockerfile b/k8s/nginx-http/container/Dockerfile
index c6b0ccd4..e35dd5e0 100644
--- a/k8s/nginx-http/container/Dockerfile
+++ b/k8s/nginx-http/container/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.13.1
+FROM nginx:stable
 LABEL maintainer "dev@bigchaindb.com"
 WORKDIR /
 RUN apt-get update \
diff --git a/k8s/nginx-http/container/docker_build_and_push.bash b/k8s/nginx-http/container/docker_build_and_push.bash
index d4b70555..5011eb2d 100755
--- a/k8s/nginx-http/container/docker_build_and_push.bash
+++ b/k8s/nginx-http/container/docker_build_and_push.bash
@@ -1,5 +1,5 @@
 #!/bin/bash
-docker build -t bigchaindb/nginx_http:1.0 .
+docker build -t bigchaindb/nginx_http:1.1 .
-docker push bigchaindb/nginx_http:1.0
+docker push bigchaindb/nginx_http:1.1
diff --git a/k8s/nginx-http/container/nginx.conf.template b/k8s/nginx-http/container/nginx.conf.template
index 35d121eb..bc8b8245 100644
--- a/k8s/nginx-http/container/nginx.conf.template
+++ b/k8s/nginx-http/container/nginx.conf.template
@@ -45,6 +45,12 @@ http {
 keepalive_timeout 60s;
+ # Do not expose nginx data/version number in error response and header
+ server_tokens off;
+
+ # To prevent cross-site scripting
+ add_header X-XSS-Protection "1; mode=block";
+
 # The following map blocks enable lazy-binding to the backend at runtime,
 # rather than binding as soon as NGINX starts.
 map $remote_addr $bdb_backend {
@@ -54,7 +60,6 @@ http {
 # Frontend server for the external clients
 server {
 listen CLUSTER_FRONTEND_PORT;
- underscores_in_headers on;
 # Forward websockets to backend BDB at 9985.
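Review bot: `FROM nginx:stable` replaces a pinned base image with a floating tag, so every rebuild of this container (and of the nginx-https Dockerfile changed the same way later in this commit) can silently pull a different nginx version and package set; the build stops being reproducible and a regressed or compromised upstream image would be picked up with no change in this repo. Pinning by digest keeps the benefit of following the stable branch while making the pull deterministic, e.g. `FROM nginx:stable@sha256:<DIGEST-OF-CHOSEN-IMAGE>` (placeholder — take the digest from the image you actually tested), refreshed on purpose whenever the image tag in docker_build_and_push.bash is bumped. The `RUN apt-get update \` context line has the same non-reproducibility, though this commit does not touch it.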
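Review bot: The `add_header X-XSS-Protection "1; mode=block";` added at `http` level will not reach the responses it is meant for: nginx inherits `add_header` from an outer level only when the current level defines no `add_header` of its own, and the location shown in the `@@ -86` hunk defines several (`Access-Control-*`), as does the `if` block that returns 204 in the `@@ -100` hunk, so proxied responses carry no X-XSS-Protection header; the `@@ -42` hunk of the nginx-https template presumably has the same problem since its location has matching CORS handling (only partly visible here). The directive needs to be repeated inside each `location`/`if` that sets its own headers, or the CORS headers moved to the level where this one lives. `server_tokens off;` is fine as placed, being an ordinary inherited directive. The comment `# To prevent cross-site scripting` overstates the header — it only switches on the legacy browser reflected-XSS filter — so I would word it `# Ask browsers to enable their reflected-XSS filter (legacy; no substitute for output encoding)`.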
@@ -86,7 +91,7 @@ http {
 add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
 add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
 add_header 'Access-Control-Expose-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
-
+
 proxy_pass http://$bdb_backend:BIGCHAINDB_API_PORT;
 }
@@ -100,6 +105,11 @@ http {
 add_header 'Content-Length' 0;
 return 204;
 }
+
+ # Only return this reponse if request_method is neither POST|GET|OPTIONS
+ if ($request_method !~ ^(GET|OPTIONS|POST)$) {
+ return 444;
+ }
 }
 }
@@ -130,10 +140,10 @@ stream {
 # Enable logging when connections are being throttled.
 limit_conn_log_level notice;
-
+
 # Allow 16 connections from the same IP address.
 limit_conn two 16;
-
+
 # DNS resolver to use for all the backend names specified in this configuration.
 resolver DNS_SERVER valid=30s ipv6=off;
@@ -142,7 +152,7 @@ stream {
 map $remote_addr $mdb_backend {
 default MONGODB_BACKEND_HOST;
 }
-
+
 # Frontend server to forward connections to MDB instance.
 server {
 listen MONGODB_FRONTEND_PORT so_keepalive=10m:1m:5;
diff --git a/k8s/nginx-https/container/Dockerfile b/k8s/nginx-https/container/Dockerfile
index 98ec0cfd..3bd6b607 100644
--- a/k8s/nginx-https/container/Dockerfile
+++ b/k8s/nginx-https/container/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.13.1
+FROM nginx:stable
 LABEL maintainer "dev@bigchaindb.com"
 WORKDIR /
 RUN apt-get update \
diff --git a/k8s/nginx-https/container/docker_build_and_push.bash b/k8s/nginx-https/container/docker_build_and_push.bash
index 3ae71ff9..76494bcb 100755
--- a/k8s/nginx-https/container/docker_build_and_push.bash
+++ b/k8s/nginx-https/container/docker_build_and_push.bash
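Review bot: The new `if ($request_method !~ ^(GET|OPTIONS|POST)$)` in the `@@ -100` hunk also answers HEAD with 444 (connection closed, nothing sent), which is what many load balancers and uptime probes send; if HEAD is meant to be served, the pattern needs it, `if ($request_method !~ ^(GET|HEAD|OPTIONS|POST)$) {`, and if it is meant to be refused that decision belongs in the comment. The identical block is added to the nginx-https template in the `@@ -114` hunk. The comment has a typo and lists the methods in a different order from the regex; I would write `# Drop the connection (444) unless the method is GET, OPTIONS or POST`. Since `if` runs in the rewrite phase, the check takes effect before `proxy_pass` even though it is written after it, so the placement is fine; the enclosing location begins outside the hunk.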
@@ -1,5 +1,5 @@
 #!/bin/bash
-docker build -t bigchaindb/nginx_https:1.0 .
+docker build -t bigchaindb/nginx_https:1.1 .
-docker push bigchaindb/nginx_https:1.0
+docker push bigchaindb/nginx_https:1.1
diff --git a/k8s/nginx-https/container/nginx.conf.template b/k8s/nginx-https/container/nginx.conf.template
index 8a85c894..3ffb4cce 100644
--- a/k8s/nginx-https/container/nginx.conf.template
+++ b/k8s/nginx-https/container/nginx.conf.template
@@ -42,6 +42,12 @@ http {
 client_body_timeout 10s;
 client_header_timeout 10s;
+ # Do not expose nginx data/version number in error response and header
+ server_tokens off;
+
+ # To prevent cross-site scripting
+ add_header X-XSS-Protection "1; mode=block";
+
 # DNS resolver to use for all the backend names specified in this configuration.
 resolver DNS_SERVER valid=30s ipv6=off;
@@ -60,10 +66,11 @@ http {
 server {
 listen CLUSTER_FRONTEND_PORT ssl;
 server_name "CLUSTER_FQDN";
- ssl_certificate /etc/nginx/ssl/cert.pem;
- ssl_certificate_key /etc/nginx/ssl/cert.key;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_ciphers HIGH:!aNULL:!MD5;
+
+ ssl_certificate /etc/nginx/ssl/cert.pem;
+ ssl_certificate_key /etc/nginx/ssl/cert.key;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers HIGH:!aNULL:!MD5;
 underscores_in_headers on;
@@ -114,6 +121,11 @@ http {
 add_header 'Content-Length' 0;
 return 204;
 }
+
+ # Only return this reponse if request_method is neither POST|GET|OPTIONS
+ if ($request_method !~ ^(GET|OPTIONS|POST)$) {
+ return 444;
+ }
 }
 }
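Review bot: The re-indented `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the `@@ -60` hunk still offers TLS 1.0 and 1.1, both deprecated (RFC 8996) and a downgrade target for any client that can do 1.2, and `ssl_ciphers HIGH:!aNULL:!MD5;` without `ssl_prefer_server_ciphers on;` lets the client choose among everything in HIGH, including non-forward-secret suites; since the commit already rewrites these lines, I would tighten them to `ssl_protocols TLSv1.2;`, `ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;` (a constructed forward-secret-only list — trim to the clients you must support) and `ssl_prefer_server_ciphers on;`. If TLS 1.0 clients genuinely have to be served, that exception should be recorded in a comment next to the directive. Separately, this server keeps `underscores_in_headers on;` while the nginx-http template drops it in the same commit (`@@ -54` hunk), so it is worth confirming the divergence is intended. The server block begins and ends outside the hunk.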