# Activate HSTS (HTTP Strict Transport Security)
# Note: if we set another header in a location we've to
#       rewrite it
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;