server_tokens off;
## Don't show the nginx version number, a security best practice
  
add_header	Referrer-Policy	origin-when-cross-origin always;
add_header	X-Frame-Options	SAMEORIGIN;
add_header	X-Content-Type-Options	nosniff;
#add_header	X-XSS-Protection "1; mode=block" always;
add_header	X-XSS-Protection "0";

#more_clear_headers	'X-Powered-By';

# Redirect `example.com.` to `example.com`
if ($http_host ~ "\.$" ){
    rewrite ^(.*) $scheme://$host$1 permanent;
}