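# Security-related response headers.
#
# The directives below are written one per line: when the whole snippet sits
# on a single line, the leading '#' turns all of it into one comment and
# nginx sets none of these headers.
#
# NOTE(review): nginx inherits add_header from the enclosing level only when
# the current level defines no add_header of its own. Any server/location
# block that adds a header must repeat (or include) this set, otherwise the
# headers below are silently dropped for that block.

# HSTS
# 1 year = 31536000 seconds
# Variant without preloading, kept for reference (disabled):
#add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains' always;

# HSTS preloading (see https://hstspreload.org)
# 'includeSubDomains; preload' commits every subdomain to HTTPS, and removal
# from browser preload lists is slow. Confirm that all subdomains serve valid
# TLS before enabling this. Browsers honour HSTS only on HTTPS responses, so
# this belongs in the TLS server block.
# 'always' emits the header on every response code, error responses included.
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;

# HTTP/2 & HTTP/3
# 1 day = 86400 seconds
# Advertises h3 and h2 on port 443 for one day. No 'always' here, so nginx
# adds it only to its default set of success and redirect responses.
# NOTE(review): presumably the 443 listener has QUIC/HTTP/3 enabled - confirm,
# since clients will try the advertised endpoint.
add_header Alt-Svc 'h3=":443"; ma=86400, h2=":443"; ma=86400';

# Never send a Referer header on outgoing navigations or subresource requests.
add_header Referrer-Policy 'no-referrer' always;

# Disable MIME type sniffing; browsers must use the declared Content-Type.
add_header X-Content-Type-Options 'nosniff' always;

# Legacy header: current browsers have removed the XSS auditor it controls,
# and OWASP guidance is to send '0' or omit it and rely on
# Content-Security-Policy instead.
# NOTE(review): no Content-Security-Policy is set in this snippet - confirm it
# is defined elsewhere before treating this line as XSS mitigation.
add_header X-XSS-Protection '1; mode=block' always;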