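# Security response headers and TLS session settings.
# more_set_headers / more_clear_headers come from the headers-more module,
# not from core nginx.
#
# Keep one directive per line. A "#" comments out the rest of its line, so
# with everything joined on one line the "# no-referrer" note disables the
# HSTS header, the Server removal and every ssl_* directive after it.
#
# Header strings use the "Name: value" form with no space before the colon:
# HTTP does not allow whitespace between a field name and the colon
# (RFC 7230, section 3.2.4).

# Stop browsers from MIME-sniffing a response away from its declared type.
more_set_headers "X-Content-Type-Options: nosniff";

# Legacy XSS-filter switch. Current browsers ignore it and the old filters
# had flaws of their own; a Content-Security-Policy is the effective control.
# NOTE(review): no CSP is set in this snippet. Current guidance is to send
# "0" or drop this header; decide before relying on it.
more_set_headers "X-XSS-Protection: 1; mode=block";

# Internet Explorer only: downloads are saved, not opened in the site's context.
more_set_headers "X-Download-Options: noopen";

# Refuse cross-domain policy files (Flash / Acrobat clients).
more_set_headers "X-Permitted-Cross-Domain-Policies: none";

# Forbid framing of any page (clickjacking defence). The CSP equivalent is
# frame-ancestors 'none'.
more_set_headers "X-Frame-Options: DENY";

# Send the Referer header only to same-origin requests.
more_set_headers "Referrer-Policy: same-origin"; # alternative: no-referrer

# HSTS for 3 years (94608000 s), all subdomains, preload-eligible.
# Before keeping "includeSubDomains; preload": every subdomain must serve
# valid HTTPS for the whole period, and removal from browser preload lists is
# slow. Browsers honour this header only on HTTPS responses, so this block
# should be included from TLS server blocks.
more_set_headers "Strict-Transport-Security: max-age=94608000; includeSubDomains; preload";

# Remove the Server header instead of replacing it with a custom value.
# This hides the version banner only; it is not a substitute for patching.
#more_set_headers "Server: nginx Niver";
more_clear_headers Server;

# Let the client pick the cipher from the server's list.
# NOTE(review): only safe when ssl_protocols / ssl_ciphers allow strong
# suites exclusively; neither directive is visible in this snippet.
ssl_prefer_server_ciphers off;

# Session resumption through a shared server-side cache, entries valid 1 day.
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;

# Session tickets off: ticket keys that are not rotated weaken forward secrecy.
ssl_session_tickets off;

# OCSP stapling is left disabled. Enabling it also needs a "resolver", and
# ssl_stapling_verify needs "ssl_trusted_certificate" with the issuer chain.
#ssl_stapling on;
#ssl_stapling_verify on;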