diff --git a/README.md b/README.md
index 8988ade..12cd8ae 100644
--- a/README.md
+++ b/README.md
@@ -15,6 +15,7 @@ In server block:
 server {
     # ...
     include snippets/cert/mydomain.com.conf;
+    include kit/ssl/security.conf;
     include kit/ssl/hsts.conf;
     include kit/ssl/force.conf;
     # ...
@@ -28,7 +29,7 @@ server {
 ```bash
 cd /etc/nginx
 mkdir snippets/cert
-cp kit/templates/cert-example.com.conf snippets/cert/mydomain.com.conf
+cp kit/templates/cert/example.com.conf snippets/cert/mydomain.com.conf
 vi snippets/cert/mydomain.com.conf
 ```
 
@@ -38,6 +39,8 @@ Replace the path with yours, then include in your server block:
 server {
     # ...
     include snippets/cert/mydomain.com.conf;
+    include kit/ssl/security.conf;
+    include kit/ssl/hsts.conf;
     # ...
 }
 ```
diff --git a/examples/example.com.conf b/examples/example.com.conf
index 96f1743..8c8dbe2 100644
--- a/examples/example.com.conf
+++ b/examples/example.com.conf
@@ -13,6 +13,7 @@ server {
     index index.html index.htm;
 
     include snippets/cert/mydomain.com.conf;
+    include kit/ssl/security.conf;
     include kit/ssl/hsts.conf;
     include kit/redirect/to-primary-domain.conf;
     include kit/ssl/force.conf;
diff --git a/redirect/to-primay-domain.conf b/redirect/to-primary-domain.conf
similarity index 97%
rename from redirect/to-primay-domain.conf
rename to redirect/to-primary-domain.conf
index e9b93c1..eea894f 100644
--- a/redirect/to-primay-domain.conf
+++ b/redirect/to-primary-domain.conf
@@ -1,3 +1,3 @@
 if ($host != $server_name) {
     return 307 $scheme://$server_name$request_uri;
-}
\ No newline at end of file
+}
diff --git a/ssl/security.conf b/ssl/security.conf
new file mode 100644
index 0000000..1927b5a
--- /dev/null
+++ b/ssl/security.conf
@@ -0,0 +1,8 @@
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ecdh_curve auto;
+
+ssl_session_cache shared:SSL:10m;
+ssl_session_timeout 10m;
+
+# Prefer stateless session resumption only when you rotate shared ticket keys.
+ssl_session_tickets off;
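Review bot: The new `include kit/ssl/security.conf;` in examples/example.com.conf applies only to this `server` block, so its `ssl_protocols TLSv1.2 TLSv1.3;` does not protect any other TLS server in the same nginx — in particular a default/catch-all `listen ... ssl` server that omits the snippet keeps nginx's compiled-in `ssl_protocols` default, which still enables TLS 1.0 and 1.1. Since every directive in the snippet is also valid in the `http` context, the example should either state that the include belongs in every TLS server block or show it once at `http` level; a comment above the include such as `# must be included in every ssl server block (or once in http {}) — other vhosts otherwise keep nginx's default ssl_protocols` would make this explicit. The enclosing `server` block starts and ends outside the hunk.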
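Review bot: ssl/security.conf pins protocol versions but sets no `ssl_ciphers`, so TLS 1.2 handshakes fall back to whatever cipher list this nginx/OpenSSL build defaults to, which can still offer non-forward-secret RSA key exchange and CBC suites; adding an ECDHE-only `ssl_ciphers` list (Mozilla's intermediate profile is the usual reference) is the piece a hardening snippet is expected to carry. The comment above `ssl_session_tickets off;` is ambiguous about which direction it argues: tickets *are* the stateless mechanism, so a clearer wording is `# Tickets off: stateless resumption is only safe when the shared ticket key is rotated (ssl_session_ticket_key); an unrotated leaked key would decrypt past sessions.` Naming `ssl_session_timeout 10m;` as a deliberate choice (nginx's default is 5m) in a short comment would also help readers who copy the file.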
diff --git a/templates/certs-example.com.conf b/templates/cert/example.com.conf
similarity index 100%
rename from templates/certs-example.com.conf
rename to templates/cert/example.com.conf