diff --git a/defaults/main.yml b/defaults/main.yml
index 882b99a..280f837 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -94,6 +94,7 @@ nginx_cors_allowed_headers: 'Accept,Authorization,Cache-Control,Content-Type,DNT
 # Set them only if the application behind the server does not set them by itself.
 nginx_set_xss_protection: False
 nginx_set_content_security_options: False
+nginx_disable_content_security_options: False
 # Choiches: 'self', 'none', a list of domains
 nginx_content_security_src_acl:
   - "'self'"
@@ -144,11 +145,13 @@ nginx_robots_disallowed_useragent_list:
 nginx_robots_disallowed_uris: False
 nginx_robots_disallowed_uris_list: []
 
+# List any options here, ending with ;
 nginx_use_common_virthost: False
 #
 # Virtualhost example
 nginx_virthosts: []
 #   - virthost_name: '{{ ansible_fqdn }}'
+#     plain_http_enabled: True
 #     listen: '{{ http_port }}'
 #     server_name: '{{ ansible_fqdn }}'
 #     server_aliases: ''
@@ -163,6 +166,7 @@ nginx_virthosts: []
 #     ssl_letsencrypt_certs: '{{ nginx_letsencrypt_managed }}'
 #     root: {{ nginx_webroot }}
 #     server_tokens: 'off'
+#     additional_options: []
 #     proxy_standard_setup: True
 #     proxy_additional_options:
 #       - 'proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;'
diff --git a/templates/nginx-virthost.j2 b/templates/nginx-virthost.j2
index c5133e2..8bf8ead 100644
--- a/templates/nginx-virthost.j2
+++ b/templates/nginx-virthost.j2
@@ -16,6 +16,8 @@ upstream {{ u_bk.name }} {
 
 {% endfor %}
 {% endif %}
+
+{% if item.plain_http_enabled | default(True) %}
 server {
     listen {{ item.http_port | default ('80') }};
     server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
@@ -54,6 +56,9 @@ server {
     {% endif %}
     {% if nginx_set_content_security_options %}
     proxy_hide_header Content-Security-Policy;
+    {% if nginx_disable_content_security_options %}
+    add_header Content-Security-Policy "";
+    {% else %}
     add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};";
     {% endif %}
     server_tokens {{ item.server_tokens | default('off') }};
@@ -126,6 +131,10 @@ server {
     {% endif %}
     {% endif %}
 
+    {% for global_opt in item.additional_options %}
+    {{ global_opt }}
+    {% endfor %}
+
     {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
 
     # Proxy stuff
@@ -148,13 +157,13 @@ server {
         {% if nginx_cors_enabled %}
         {% if not nginx_cors_global %}
         {% if location.cors is defined and location.cors %}
-		include /etc/nginx/snippets/nginx-cors.conf;
+	include /etc/nginx/snippets/nginx-cors.conf;
         {% endif %}
         {% endif %}
         {% endif %}
 
         {% if location.target is defined %}
-		proxy_pass {{ location.target }};
+	proxy_pass {{ location.target }};
         {% elif location.php_target is defined %}
         try_files $uri =404;
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
@@ -181,7 +190,7 @@ server {
         {% endfor %}
         {% endif %}
 
-	    {% if location.other_opts is defined %}
+        {% if location.other_opts is defined %}
         {% for opt in location.other_opts %}
         {{ opt }};
         {% endfor %}
@@ -198,6 +207,7 @@ server {
 {% endif %}
 
 }
+{% endif %}
 
 {% if item.ssl_enabled %}
 server {
@@ -271,6 +281,9 @@ server {
     {% endif %}
     {% if nginx_set_content_security_options %}
     proxy_hide_header Content-Security-Policy;
+    {% if nginx_disable_content_security_options %}
+    add_header Content-Security-Policy "";
+    {% else %}
     add_header Content-Security-Policy "frame-src{% for s in nginx_content_security_src_acl %} {{ s }}{% endfor %}; frame-ancestors{% for l in nginx_content_security_ancestor_acl %} {{ l }}{% endfor %};";
     {% endif %}
     server_tokens {{ item.server_tokens | default('off') }};
@@ -303,6 +316,10 @@ server {
     {% endfor %}
     {% endif %}
 
+     {% for global_opt in item.additional_options %}
+     {{ global_opt }}
+     {% endfor %}
+
     {% if item.proxy_standard_setup is defined and item.proxy_standard_setup %}
 
     # Proxy stuff
@@ -324,13 +341,13 @@ server {
         {% if nginx_cors_enabled %}
         {% if not nginx_cors_global %}
         {% if location.cors is defined and location.cors %}
-		include /etc/nginx/snippets/nginx-cors.conf;
+	include /etc/nginx/snippets/nginx-cors.conf;
         {% endif %}
         {% endif %}
         {% endif %}
 
         {% if location.target is defined %}
-		proxy_pass {{ location.target }};
+	proxy_pass {{ location.target }};
         {% elif location.php_target is defined %}
         try_files $uri =404;
         fastcgi_split_path_info ^(.+\.php)(/.+)$;
@@ -357,7 +374,7 @@ server {
         {% endfor %}
         {% endif %}
 
-	    {% if location.other_opts is defined %}
+        {% if location.other_opts is defined %}
         {% for opt in location.other_opts %}
         {{ opt }};
         {% endfor %}