<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap:break-word"><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">Hi!</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">here is the describtion about add_header may can help you.</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto">><span style="font-family:sans-serif;text-align:justify"> Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, 307, or 308. The value can contain variables.</span></div><p style="text-align:justify;font-family:sans-serif">> There could be several <code>add_header</code> directives. These directives are inherited from the previous level if and only if there are no <code>add_header</code> directives defined on the current level.</p> <div id="bloop_sign_1505268004757992960" class="bloop_sign"></div> <div><br></div><a href="http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header">http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header</a><div><br><p class="airmail_on">On 13 September 2017 at 04:36:40, <a href="mailto:siefke_listen@web.de">siefke_listen@web.de</a> (<a href="mailto:siefke_listen@web.de">siefke_listen@web.de</a>) wrote:</p> <blockquote type="cite" class="clean_bq"><span><div><div></div><div>Hi,
<br>
<br>I've encountered a blog article on a few add header statements. I had
<br>done a few online tests and it seems to be consistently ignoring all
<br>add header specs. I found the tool Gixy and here the same result.
<br>Now I ask me how do I set the Add header instructions correctly?
<br>
<br>Thank you for help
<br>Silvio
<br>
<br>----
<br>
<br># gixy /etc/nginx/nginx.conf
<br>
<br>==================== Results ===================
<br>
<br>>> Problem: [add_header_redefinition] Nested "add_header" drops parent headers.
<br>Description: "add_header" replaces ALL parent headers. See documentation: <a href="http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header">http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header</a>
<br>Additional info: <a href="https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md">https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md</a>
<br>Reason: Parent headers "x-frame-options", "x-xss-protection", "x-content-type-options" was dropped in current level
<br>Pseudo config:
<br>
<br>include /etc/nginx/sites-enabled/silviosiefke.de.conf;
<br>
<br>server {
<br>server_name <a href="http://silviosiefke.de">silviosiefke.de</a> <a href="http://www.silviosiefke.de">www.silviosiefke.de</a>;
<br>add_header Referrer-Policy no-referrer;
<br>add_header X-Frame-Options SAMEORIGIN always;
<br>add_header X-Content-Type-Options nosniff always;
<br>add_header X-XSS-Protection 1; mode=block always;
<br>add_header Strict-Transport-Security max-age=31536000 always;
<br>add_header Cache-Control no-transform;
<br>
<br>include /etc/nginx/inc/basic.conf;
<br>
<br>include /etc/nginx/inc/location/expires.conf;
<br>
<br> location ~* \.(?:manifest|appcache|html?|xml|json)$ {
<br> add_header Cache-Control max-age=0;
<br> }
<br>
<br> location ~* \.(?:rss|atom)$ {
<br> add_header Cache-Control max-age=3600;
<br> }
<br>
<br> location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
<br> add_header Cache-Control max-age=2592000;
<br> }
<br>
<br> location ~* \.svgz$ {
<br> add_header Cache-Control max-age=2592000;
<br> }
<br>
<br> location ~* \.(?:css|js)$ {
<br> add_header Cache-Control max-age=31536000;
<br> }
<br>
<br>include /etc/nginx/inc/location/cross-domain-fonts.conf;
<br>
<br> location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
<br> add_header Cache-Control max-age=2592000;
<br> }
<br>}
<br>--
<br>Silvio Siefke <<a href="mailto:siefke_listen@web.de">siefke_listen@web.de</a>>
<br>_______________________________________________
<br>nginx mailing list
<br><a href="mailto:nginx@nginx.org">nginx@nginx.org</a>
<br><a href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a></div></div></span></blockquote></div></body></html>