+ proxy_set_header Connection '';
+
+ proxy_connect_timeout 5s;
+
+ # Do not pass cookies to backends.
+ proxy_set_header Cookie '';
+ # Do not pass Accept-Encoding to backends.
+ proxy_set_header Accept-Encoding '';
+
+ # Do not allow setting cookies from backends due to caching.
+ proxy_ignore_headers Set-Cookie;
+ proxy_hide_header Set-Cookie;
+
+ # Set a QoS cookie if none presented (uses nginx Map)
+ add_header Set-Cookie $cookie_qos_token_set;
+<% if node[:ssl][:strict_transport_security] -%>
+
+ # Enable HSTS
+ add_header Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" always;
+<% end -%>
+
+ # QoS Traffic Rate see $limit_rate on http://nginx.org/en/docs/http/ngx_http_core_module.html
+ set $limit_rate $limit_rate_qos;
+
+ # Allow Higher Traffic Rate from Approved User-Agents which do not support cookies (uses nginx Map)
+ if ($approved_scraper) {
+ set $limit_rate 32768;
+ }
+
+ # Strip any ?query parameters from urls
+ set $args '';
+
+ # Allow cache purging headers only from select User-Agents (uses nginx Map)
+ proxy_set_header Cache-Control $limit_http_cache_control;
+ proxy_set_header Pragma $limit_http_pragma;