v0.1.0

Fixed

• HSTS set to 1 year instead of 2 years by default (#18)
• New default X-XSS-Protection: 0, see #19

v0.0.11

Fixed

• Sending HSTS header no longer requires building with OpenSSL #12
• Fixes HSTS preload was not added by default #15

v0.0.10

• Ability to opt-out of added preload addition for HSTS, using security_headers_hsts_preload off;.
• Remove X-Application-Version header
• For adding HSTS, check URL protocol instead of connection protocol to be 'https://' #12

v0.0.9

• Hide more server tokens
• Optimization (e.g. don't send X-Frame-Options for non-HTML)

v0.0.8

Added security_headers_referrer_policy directive

v0.0.7

• Reliable header replacement
• Added HSTS

v0.0.4

Overwrites existing security headers, instead of duplicating them

v0.0.3

Changed module to AUX_FILTER

v0.0.2

Compilation fix was added

v0.0.1

For packaging to the repository https://www.getpagespeed.com/redhat