v5.0.1

• Set ssl_prefer_server_ciphers to off by @avj in #328
• Add browsing-topics to Permissions-Policy header by @dmarti in #323
• Improve README docs by @petecooper in #333
• Improve inline comments.

---

Full Changelog: 5.0.0...5.0.1

v5.0.0

• 🎉 Significant improvement on Cache-Control definition and usage
  • Cache-Control boilerplate with extensive control by @LeoColomb in #319
  • Switch to a proper no-cache directive on cache expiration config by @allantatter in #314
  • Valuable feedbacks by @StrangePeanut, @jchimene, @emansom, and @Dreamsorcerer
• Reorder and improve cache expiration expires map by @LeoColomb in #324
• Drop image/avif-sequence MIME-type in 4bc5275
• Improve inline comments.

---

Full Changelog: 4.2.0...5.0.0

v4.2.0

• Extend media, font and default cache TTL to 1 year [4a22965] [3869706]
• Add compression support for .ico files [537a022]
• Dropped legacy and non web related file types [a961768] [175cc52]

---

Recommended reading: https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/

v4.1.0

• Add support for custom values import [fbdaa3f]

v4.0.0

• ⚠️ Breaking: End of support for Internet Explorer (X-UA-Compatible and X-XSS-Protection headers) [4556277] [836467c]
• 🎉 Security first! Modernize TLS configuration [688348a]
• 🎉 Security first! Refresh policies-related headers usage
  • Add Cross Origin Policies headers (COOP/COEP/CORP) [25a569d]
  • Add Permissions-Policy header [36310b9]
  • Make Content-Security-Policy disallow 'object-src' by default [8600df1]
• Add mime-type image/jxl [b9ef881]
• Improve inline comments.

v3.3.0

• Add mime-type image/avif and image/avifs [a9aea70]
• Add mime-type image/apng [ba4967f]
• Improve inline comments.

v3.2.0

• Stricter default for Referrer Policy strict-origin-when-cross-origin [e0724b8]
• Revert: drop Cache-Control: no-transform usage [bc39e4c]
• Rewrite, improve and update a large part of the documentation [0af3052][177a5e9][5ca3aed][bb2a30c][5ca3aed]
• Ensure the presence of security headings where expected [4168940][3615dfa][98de990]
• Remove non-ASCII character from config files [d2f5972]
• Improve inline comments.

v3.1.0

• Drop Cache-Control: no-transform usage [282d979]
• Disable cache expiration for empty content-type resources [c73d1ef]
• Remove Content-Security-Policy from basic.conf includes [29ff09a]
• Improve default Content-Security-Policy values [276af8d]
• Add Google Public DNS IPv6 and Cloudflare DNS IP addresses to default resolver [28874c3]
• Pre-compressed content usage config files [8db768b]
• Improve inline comments.

v3.0.1

• Use regexp in MIME-types based maps [d65cd97] [db1601f]
• Fix SVGZ compression handling [cec616a]
• Add Referrer-Policy for HTML documents by default [f600128]

v3.0.0

• ⚠️ Breaking: Drop support for Nginx version < 1.8.0 [1f5d635]
• ⚠️ Breaking: Switch from sites-enabled/available to conf.d [306af36]
• ⚠️ Breaking: Refactor h5bp/ directives to strict atomic structure [496af1c] [2d13505]
• ⚠️ Breaking: Refactor and modernize TLS/SSL directives [1b2b4eb...d2531ac]
• ⚠️ Breaking: Move common header directives from location directives to mapped values based on MIME-types [6dd4cc2]
• 🎉 Tests! Add tests and configure continuous integration to help community contributions [52e1353]
• Replace location block add_header directives with expires directives [135d093]
• Support hashed asset names [1b2b4eb]
• Update many values in MIME-types table [62dbd41] [08272b6] [9c6aad8] [b244111] [94262e7] [b244111] [fe7ff95]
• Remove outdated inline script [8a4a1ce]
• Improve inline comments and review documentation.