add headers / gixy

siefke_listen at siefke_listen at
Tue Sep 12 20:36:07 UTC 2017


I've encountered a blog article on a few add header statements. I had 
done a few online tests and it seems to be consistently ignoring all 
add header specs. I found the tool Gixy and here the same result. 
Now I ask me how do I set the Add header instructions correctly?

Thank you for help


# gixy /etc/nginx/nginx.conf

==================== Results ===================

>> Problem: [add_header_redefinition] Nested "add_header" drops parent headers.
Description: "add_header" replaces ALL parent headers. See documentation:
Additional info:
Reason: Parent headers "x-frame-options", "x-xss-protection", "x-content-type-options" was dropped in current level
Pseudo config:

include /etc/nginx/sites-enabled/;

server {
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection 1; mode=block always;
add_header Strict-Transport-Security max-age=31536000 always;
add_header Cache-Control no-transform;

include /etc/nginx/inc/basic.conf;

include /etc/nginx/inc/location/expires.conf;

	location ~* \.(?:manifest|appcache|html?|xml|json)$ {
		add_header Cache-Control max-age=0;

	location ~* \.(?:rss|atom)$ {
		add_header Cache-Control max-age=3600;

	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
		add_header Cache-Control max-age=2592000;

	location ~* \.svgz$ {
		add_header Cache-Control max-age=2592000;

	location ~* \.(?:css|js)$ {
		add_header Cache-Control max-age=31536000;

include /etc/nginx/inc/location/cross-domain-fonts.conf;

	location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
		add_header Cache-Control max-age=2592000;
Silvio Siefke <siefke_listen at>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <>

More information about the nginx mailing list