more_set_headers "X-Content-Type-Options : nosniff";
#more_set_headers "X-XSS-Protection : 1; mode=block";
#more_set_headers "X-Download-Options : noopen";
#more_set_headers "X-Permitted-Cross-Domain-Policies : none";
#more_set_headers "X-Frame-Options : DENY";
more_set_headers "Referrer-Policy : no-referrer";
more_set_headers "Strict-Transport-Security : max-age=94608000; includeSubDomains; preload";
more_clear_headers Server;

ssl_prefer_server_ciphers off;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

ssl_early_data off;