# Exact-match location: applies only to requests for /sitemap.xml.
location = /sitemap.xml {
    # Permit every client address. Access rules declared here replace any
    # allow/deny rules from the enclosing level for this path.
    # NOTE(review): confirm the sitemap is meant to be reachable from everywhere.
    allow all;
    # Do not write an error-log entry when the file is missing.
    log_not_found off;
    # Requests to this path are not written to the access log.
    # NOTE(review): this also hides crawler and scanner traffic for this URL
    # from log-based monitoring; confirm that is acceptable.
    access_log off;
    # Send a CSP on this non-HTML (XML) response as well; "always" attaches the
    # header for every response code, including error responses.
    # NOTE(review): add_header directives from the server/http level are only
    # inherited when a location defines none of its own. Because this block
    # defines one, other security headers set at an outer level (not visible
    # here) are not sent for this path unless they are repeated in this block.
    # Previous, shorter policy, kept for reference:
    ##add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none';" always;
    # default-src 'none' is already the fallback for script-src, style-src and
    # img-src, so those three are listed only for explicitness. frame-ancestors,
    # base-uri and form-action do not fall back to default-src and must be
    # stated explicitly.
    add_header Content-Security-Policy "default-src 'none'; script-src 'none'; style-src 'none'; img-src 'none'; frame-ancestors 'none'; base-uri 'none'; form-action 'none';" always;	

}
