add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# add_header X-Robots-Tag "noindex, nofollow" always;
add_header Set-Cookie "Path=/; HttpOnly; Secure";