# https://securityheaders.io/
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";