Behavior of security headers
nginx-forum at nginx.us
Mon Jan 26 14:35:54 UTC 2015
OK, if I understand this right - in my original config I have 2 additional
add_header (cache-control) directives in /image location. And these 2
directives prevent that the security headers will be applied on server
level? It seems so as this will explain why it works when I apply the
sec.headers on location level...
But how to handle domain-wide headers like those security headers and
location specific ones like cache-control? I mean, without repeating all
securty headers in each location?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256270,256276#msg-256276
More information about the nginx