Send Strict-Transport-Security header in 401 response
francis at daoine.org
Sun Jun 19 09:57:34 UTC 2016
On Sun, Jun 19, 2016 at 11:51:28AM +0200, Thomas Glanzmann wrote:
> I would like to send the header:
> add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
> Despite the 401 Unauthorized request. Is that possible?
That suggests that you can use an "always" parameter.
Is that appropriate in this case?
If not, then possibly the third-party "headers more" module may be useful.
Francis Daly francis at daoine.org
More information about the nginx