location /media/ {
        alias /opt/pretalx/data/media/;
        add_header Content-Disposition 'attachment; filename="$1"';
        expires 7d;
        access_log off;
    }

    location /static/ {
        alias /opt/pretalx/static/;
        access_log off;
        expires 365d;
        add_header Cache-Control "public";
    }

    # https://github.com/pretalx/pretalx-media-ccc-de/issues/1
    proxy_hide_header content-security-policy;
    add_header content-security-policy "form-action 'self'; default-src 'self'; img-src 'self' data: https://www.gravatar.com; style-src 'self' 'unsafe-inline'; script-src 'self'; base-uri 'none'; frame-src https://media.ccc.de";