# security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Expect-CT "enforce, max-age=21600" always;

# Advertise that HTTP/3 is available
#add_header Alt-Svc 'h3=":443"';
# Sent when QUIC was used
#add_header QUIC-Status $quic;

# . files
location ~ /\.(?!well-known) {
	deny all;
}