+ # Enable compression for JS/CSS/HTML bundle, for improved client load times.
+ # It might be nice to compress JSON, but leaving that out to protect against potential
+ # compression+encryption information leak attacks like BREACH.
+ gzip on;
+ gzip_types text/css application/javascript;
+ gzip_vary on;
+
+ # Enable HSTS
+ # Tells browsers to stick with HTTPS and never visit the insecure HTTP
+ # version. Once a browser sees this header, it will only visit the site over
+ # HTTPS for the next 2 years: (read more on hstspreload.org)
+ #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";