That's exactly the point - I wanted to set these headers on server level to become valid for the whole domain and all inherent location blocks. This avoids the need to repeat all headers in each location... Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256270,256273#msg-256273