{% if env.NGX_HTTP_TRANSPARENT_PROXY == '0' %} response_headers: Permissions-Policy: "accelerometer=(), autoplay=(), browsing-topics=(), camera=(), clipboard-read=(), clipboard-write=(), geolocation=(), gyroscope=(), hid=(), interest-cohort=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=()" Referrer-Policy: "no-referrer-when-downgrade" Strict-Transport-Security: "max-age=15724800; includeSubDomains; preload" X-Content-Type-Options: "nosniff" X-Frame-Options: "SAMEORIGIN" X-XSS-Protection: "1; mode=block" {% endif %}