add_header Strict-Transport-Security "max-age=15768000; includeSubDomains;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Access-Control-Allow-Origin '*';

client_max_body_size 50m;