server_tokens off;
ssl_ecdh_curve secp384r1;
ssl_dhparam /etc/ssl/plesk/dhparam.pem;
add_header Strict-Transport-Security 'max-age=15768000; includeSubdomains' always;
add_header X-Robots-Tag none;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/plesk/YourCACert.pem;
resolver 127.0.0.1 valid=300s;
resolver_timeout 10s;