# Nginx gzip compression configuration
# Include this in your nginx server block or http context

# Enable gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_min_length 1024;

# File types to compress
gzip_types
    text/plain
    text/css
    text/xml
    text/javascript
    application/json
    application/javascript
    application/x-javascript
    application/xml
    application/xml+rss
    application/vnd.ms-fontobject
    application/x-font-ttf
    font/opentype
    image/svg+xml
    image/x-icon;

# Don't compress already compressed files or tiny files
gzip_disable "msie6";

# Security headers (add to every server block response)
# Note: X-Frame-Options is intentionally omitted here — Laravel SecurityHeaders middleware
# sets it to the stricter "DENY" value. Setting it here too would create conflicting
# duplicate headers across infrastructure layers.
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;

# Example usage in nginx server block:
# server {
#     listen 80;
#     server_name example.com;
#
#     include /path/to/nginx-gzip.conf;
#
#     # ... rest of config
# }