add headers / gixy

siefke_listen at web.de siefke_listen at web.de
Tue Sep 12 20:36:07 UTC 2017


Hi,

I've encountered a blog article on a few add header statements. I had 
done a few online tests and it seems to be consistently ignoring all 
add header specs. I found the tool Gixy and here the same result. 
Now I ask me how do I set the Add header instructions correctly?

Thank you for help
Silvio

----

# gixy /etc/nginx/nginx.conf

==================== Results ===================

>> Problem: [add_header_redefinition] Nested "add_header" drops parent headers.
Description: "add_header" replaces ALL parent headers. See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
Reason: Parent headers "x-frame-options", "x-xss-protection", "x-content-type-options" was dropped in current level
Pseudo config:

include /etc/nginx/sites-enabled/silviosiefke.de.conf;

server {
server_name silviosiefke.de www.silviosiefke.de;
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection 1; mode=block always;
add_header Strict-Transport-Security max-age=31536000 always;
add_header Cache-Control no-transform;

include /etc/nginx/inc/basic.conf;

include /etc/nginx/inc/location/expires.conf;

	location ~* \.(?:manifest|appcache|html?|xml|json)$ {
		add_header Cache-Control max-age=0;
	}

	location ~* \.(?:rss|atom)$ {
		add_header Cache-Control max-age=3600;
	}

	location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
		add_header Cache-Control max-age=2592000;
	}

	location ~* \.svgz$ {
		add_header Cache-Control max-age=2592000;
	}

	location ~* \.(?:css|js)$ {
		add_header Cache-Control max-age=31536000;
	}

include /etc/nginx/inc/location/cross-domain-fonts.conf;

	location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
		add_header Cache-Control max-age=2592000;
	}
}
-- 
Silvio Siefke <siefke_listen at web.de>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170912/82163fcf/attachment.bin>


More information about the nginx mailing list