add_header Cache-Control "public, no-cache";
add_header Referrer-Policy "unsafe-url";

# The new Content-Security-Policy HTTP response header helps you reduce XSS risks on modern browsers by declaring what dynamic resources are allowed to load via a HTTP Header.
# https://content-security-policy.com/
#add_header Content-Security-Policy " ";