Behavior of security headers

okamzol nginx-forum at
Mon Jan 26 14:35:54 UTC 2015

OK, if I understand this right - in my original config I have 2 additional
add_header (cache-control) directives in /image location. And these 2
directives prevent that the security headers will be applied on server
level? It seems so as this will explain why it works when I apply the
sec.headers on location level...

But how to handle domain-wide headers like those security headers and
location specific ones like cache-control? I mean, without repeating all
securty headers in each location?

Posted at Nginx Forum:,256270,256276#msg-256276

More information about the nginx mailing list