Nginx as reverse Proxy, remove X-Frame-Options header

nano nanotek at
Thu Jan 9 12:24:03 UTC 2014

On 9/01/2014 11:12 PM, Jonathan Matthews wrote:
> On 9 January 2014 11:57, Maxim Dounin <mdounin at> wrote:
>> Hello!
>> On Thu, Jan 09, 2014 at 10:21:43AM +0000, Jonathan Matthews wrote:
>>> On 9 January 2014 10:03, basti <black.fledermaus at> wrote:
>>>> Hello,
>>>> I have a closed-source Webapp that run on an IIS-Webserver and send a
>>>> "X-Frame-Options: SAMEORIGIN" header.
>>>> I also have to implement this Webapp in my own, Frame based Application.
>>>> So I try to use nginx as a reverse Proxy, but the X-Frame-Options Header
>>>> is still send.
>>>> How can I remove his header?
>>>> I have try "proxy_hide_header X-Frame-Options;" without success.
>>> You'll find the answer in the documentation:
>> The X-Frame-Options header is returned by a server-side
>> application, hence the proxy_hide_header is correct solution,
>> while proxy_set_header isn't.
> My bad. I was pretty sure I'd had success with 'set foo ""' where
> 'hide' hadn't worked in the past.
>> And, being pedantic, wiki != documentation.  Here are
>> links to the documentation:
> Ack that. I'll personally keep linking to the wiki until the documentation
> * is significantly better internally hyper-linked;
> * has documentation targeted soley towards the open source nginx,
> without having to skip to the end of each directive to check for "This
> functionality is available as part of our commercial subscription
> only";
> * has useful pages such as IfIsEvil integrated into it.
> I may be wrong about that third one still needing doing, but I
> couldn't find IfIsEvil anywhere but the wiki. The presence of a
> top-level pointer on each wiki page to is
> pretty useless, too - it needs to point to the appropriate place in
> the docs to get people to start using them.
> Didn't you guys pick up several millions a while ago, which was
> announced as being somewhat earmarked for improving documentation? :-)
> </rant>
> _______________________________________________
> nginx mailing list
> nginx at

I share your opinion regarding nginx documentation. It is woeful. 
Particularly when compared to other exemplary open source projects, such 
as Postfix and FreeBSD. My inability to easily transfer my webservers to 
nginx from Apache, due to (my own shortcomings compounded by) terribly 
inadequate documentation, nearly made the transition impossible. Insult 
was only added to injury when, after transferring some sites to the 
recommended nginx, I found very little performance enhancement. 
Admittedly, I am most probably not properly utilizing the application 
and will only see improvements when my own abilities allow it. 
Nevertheless, the documentation needs work. It is prudent to accommodate 
less technically aware users.


More information about the nginx mailing list