Update ssl_ciphers To Latest Mozilla IntermediateUpdates to latest ciphers list for Mozilla Intermediate, which also adds support for ChaCha20 and Poly1305.
Remove Unnecessary Trailing SemicolonNo need to add a semicolon for the last directive. In addition, having that unnecessary semicolon causes the HSTS tool (https://hstspreload.org/) for getting on the preload list to fail with an error about the semicolon.
Use Cache-Control max-age instead of Expires headersCache-Control max-age was introduced in HTTP/1.1 over ten years ago
and is preferred to Expires. This replaces all expiry dates with an
equivalent max-age in seconds.
See: https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching
See: https://www.mnot.net/blog/2007/05/15/expires_max-age
Remove references to Cache-Control publicA previous commit removed some, but missed these. Where a location
directive was using Expires to set a future expiry in conjunction
with Cache-Control public, I have replaced the time with an equal
max-age.
Furthermore, Google's web performance guide says that "public" is
implicit if there is a max-age specified.
See: https://developers.google.com/web/fundamentals/performance/optimizing-cont...
Merge pull request #148 from leonklingele/add-header-alwaysAlways add security-relevant headers to the response, regardless of the response code (implements #147)