Send Strict-Transport-Security header in 401 response

Francis Daly francis at daoine.org
Sun Jun 19 09:57:34 UTC 2016


On Sun, Jun 19, 2016 at 11:51:28AM +0200, Thomas Glanzmann wrote:

Hi there,

> I would like to send the header:
> 
> add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
> 
> Despite the 401 Unauthorized request. Is that possible?

http://nginx.org/r/add_header

That suggests that you can use an "always" parameter.

Is that appropriate in this case?

If not, then possibly the third-party "headers more" module may be useful.

	f
-- 
Francis Daly        francis at daoine.org



More information about the nginx mailing list