Minor Nginx tweaks

Because of privacy concerns it's desirable to disable referrer, FLoC and
Cloudflare as resolver.

nginx/conf.d/default.conf

@@ -61,7 +61,7 @@ server {
     # OCSP stapling
     ssl_stapling on;
     ssl_stapling_verify on;
-    resolver 1.1.1.1;
+    #resolver 1.1.1.1;
 
     # verify chain of trust of OCSP response using Root CA and Intermediate certs
     #ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
@@ -72,8 +72,9 @@ server {
     add_header X-Frame-Options "SAMEORIGIN" always;
     add_header X-XSS-Protection "1; mode=block" always;
     add_header X-Content-Type-Options "nosniff" always;
-    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+    add_header Referrer-Policy no-referrer;
     add_header Strict-Transport-Security "max-age=63072000" always;
+    add_header Permissions-Policy "interest-cohort=()";
 
     ## locations
     # ACME-challenge