Hi, there is no chance to avoid the duplicates. I asked the same questions some time ago. For detailed answer on my question see http://forum.nginx.org/read.php?2,256270,256279#msg-256279. I think this will answer your question too. Best Regardsby okamzol - Nginx Mailing List - English
OK, if I understand this right - in my original config I have 2 additional add_header (cache-control) directives in /image location. And these 2 directives prevent that the security headers will be applied on server level? It seems so as this will explain why it works when I apply the sec.headers on location level... But how to handle domain-wide headers like those security headers and locationby okamzol - Nginx Mailing List - English
That's exactly the point - I wanted to set these headers on server level to become valid for the whole domain and all inherent location blocks. This avoids the need to repeat all headers in each location...by okamzol - Nginx Mailing List - English
Hi, I've a question regarding the different security headers (Content-Security-Policy, etc.) which can be set via add_header. In the docs it is mentioned that "add_header" can be set on every level (http, server, location). So i tried to set some security related header in the server block related to one domain. But this did not work as expected - in detail it did not work at all. Eby okamzol - Nginx Mailing List - English
Hallo zusammen, ich habe ein kleines Verständnisproblem was die Konfiguration der verschiedenen Security Header (Content-Security-Policy, etc.) angeht... Laut Beschreibung können header mit add_header in allen Kontexten (http, server, location) gesetzt werden. Also habe ich sie im server Block für die entsprechende Domain gesetzt. Allerdings wurden sie hier nicht angezogen... (Ja, nginx wurby okamzol - German Forum