Maxim, You're indisputably right -- the IETF RFC (which I should have been using in the first place) clearly states that compliant HTTP 1.0 clients "understand any valid response in the format of HTTP/0.9 or HTTP/1.0," and that HTTP 1.0 responses can be be in the form of a status-line-less "simple response." In light of this, nginx does strictly conform to the specificationby mitch.socialcast - Nginx Mailing List - English
So as you can see its intended this way to send only body without headers. Thank you for taking the time to clarify that Rob -- I didn't realize that this was an attempt to support HTTP 0.9. I did some searching, and found the following two 'specifications' for HTTP 0.9: A) http://www.w3.org/Protocols/HTTP/AsImplemented.html B) http://www.w3.org/Protocols/HTTP/HTTP2.html Document A deby mitch.socialcast - Nginx Mailing List - English
Recently we had our nginx proxy server scanned using an enterprise security auditing tool. The scan reported that it had found a potential buffer overflow vulnerability in our web server layer. I did some googling, but couldn't really find anything relating to such a bug. After receiving more detailed scan results from our client and attempting to duplicate the requests that triggered the warniby mitch.socialcast - Nginx Mailing List - English