header {
	# HTTP Strict Transport Security: browsers remember to use HTTPS for one year (31536000 s).
	# The trailing ';' is kept as in the original value; RFC 6797 tolerates an empty trailing directive.
	Strict-Transport-Security max-age=31536000;

	# Legacy XSS filter header, value kept as originally configured.
	# NOTE(review): this header is deprecated and ignored by current browsers; current guidance
	# tends toward omitting it or sending `0` — confirm the intended policy before changing it.
	X-XSS-Protection "1; mode=block"

	# Stop browsers from guessing a content type that differs from the declared one.
	X-Content-Type-Options nosniff

	# Send only the origin on cross-origin navigations, the full URL on same-origin ones.
	Referrer-Policy strict-origin-when-cross-origin

	# Framing is limited to this site plus the optional admin origin.
	# {$ADMIN_DOMAIN:} expands to the ADMIN_DOMAIN environment variable, or to an empty
	# string when it is unset, so the directive degrades to frame-ancestors 'self'.
	Content-Security-Policy "frame-ancestors 'self' {$ADMIN_DOMAIN:}"
}