# hide nginx version
server_tokens off;

# add nosniff header (https://www.owasp.org/index.php/List_of_useful_HTTP_headers)
add_header X-Content-Type-Options nosniff;