Revision 1.4

1.1.2 Ensure NGINX is installed from source
2.1.1 Ensure only required modules are installed
2.1.2 Ensure HTTP WebDAV module is not installed
2.1.3 Ensure modules with gzip functionality are disabled
2.5.3 Ensure hidden file serving is disabled
3.5 Ensure error logs are sent to a remote syslog server
3.6 Ensure access logs are sent to a remote syslog server
4.1.12 Ensure your domain is preloaded
4.1.13 Ensure session resumption is disabled to enable perfect forward security
4.1.14 Ensure HTTP/2.0 is used
4.1.9 Ensure HTTP Public Key Pinning is enabled
5.1.1 Ensure allow and deny filters limit access to specific IP addresses
5.2.4 Ensure the number of connections per IP address is limited
5.2.5 Ensure rate limits by IP address are set
5.3.4 Ensure that Content Security Policy (CSP) is enabled and configured properly
5.3.5 Ensure the Referrer Policy is enabled and configured properly