diff --git a/nginx/include/header-security.conf b/nginx/include/header-security.conf
new file mode 100644
index 0000000..ac4b750
--- /dev/null
+++ b/nginx/include/header-security.conf
@@ -0,0 +1,28 @@
+# Inferencium - xa000-1
+# Nginx - Configuration - Include - Header - Security
+# Version: 0.1.0
+
+# Copyright 2024 Jake Winters
+# SPDX-License-Identifier: BSD-3-Clause
+
+
+ssl_protocols					TLSv1.3;
+ssl_early_data					off;
+ssl_ciphers						"ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256";
+ssl_conf_command				Ciphersuites "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256";
+ssl_conf_command				Options PrioritizeChaCha;
+ssl_prefer_server_ciphers		on;
+ssl_ecdh_curve					x25519:secp256r1;
+ssl_stapling					on;
+ssl_stapling_verify				on;
+ssl_session_timeout				1d;
+ssl_session_cache				shared:MozSSL:10m;
+ssl_session_cache				shared:ssl_session_cache:10m;
+ssl_session_tickets				off;
+add_header						Referrer-Policy no-referrer;
+add_header						Strict-Transport-Security "max-age=126200000; includeSubDomains; preload";
+add_header						X-Content-Type-Options nosniff;
+add_header						X-Frame-Options "DENY";
+add_header						Set-Cookie "Path=/;Secure;HttpOnly";
+ignore_invalid_headers			on;
+