Behavior of security headers

Valentin V. Bartenev vbart at
Mon Jan 26 13:48:18 UTC 2015

On Monday 26 January 2015 08:38:08 okamzol wrote:
> That's exactly the point - I wanted to set these headers on server level to
> become valid for the whole domain and all inherent location blocks. This
> avoids the need to repeat all headers in each location...

But are you sure, that you don't have add_header directives in your location
blocks at the same time?

Please note:

   server {
       add_header X-Header-One one;
       add_header X-Header-Two two;

       location / {
           add_header X-Header-Three three;

in the configuration above only the X-Header-Three will be added to response.

  wbr, Valentin V. Bartenev

More information about the nginx mailing list