events {
  worker_connections 1024;
}
http {
  server {
    listen 80;
    keepalive_timeout 70;
    add_header Content-Security-Policy "default-src 'self';";
    add_header X-Frame-Options SAMEORIGIN always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "no-referrer";
    sendfile on;
    tcp_nopush on;

    location / {
      root /srv/;
      add_header Access-Control-Allow-Origin "*";
      add_header Content-Disposition "inline";
    }
  }
}