### gzip + compression global rules
### to be included a single time throughout this nginx instance
### headers rules are also consolidated here

gzip on; 
gzip_disable "msie6";
gzip_vary on; 
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k; 
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
add_header Strict-Transport-Security "max-age=31536000;includeSubDomains";

## Header hardening
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";