add headers / gixy

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

add headers / gixy

Silvio Siefke-2
Hi,

I've encountered a blog article on a few add header statements. I had
done a few online tests and it seems to be consistently ignoring all
add header specs. I found the tool Gixy and here the same result.
Now I ask me how do I set the Add header instructions correctly?

Thank you for help
Silvio

----

# gixy /etc/nginx/nginx.conf

==================== Results ===================

>> Problem: [add_header_redefinition] Nested "add_header" drops parent headers.
Description: "add_header" replaces ALL parent headers. See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
Reason: Parent headers "x-frame-options", "x-xss-protection", "x-content-type-options" was dropped in current level
Pseudo config:

include /etc/nginx/sites-enabled/silviosiefke.de.conf;

server {
server_name silviosiefke.de www.silviosiefke.de;
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection 1; mode=block always;
add_header Strict-Transport-Security max-age=31536000 always;
add_header Cache-Control no-transform;

include /etc/nginx/inc/basic.conf;

include /etc/nginx/inc/location/expires.conf;

        location ~* \.(?:manifest|appcache|html?|xml|json)$ {
                add_header Cache-Control max-age=0;
        }

        location ~* \.(?:rss|atom)$ {
                add_header Cache-Control max-age=3600;
        }

        location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
                add_header Cache-Control max-age=2592000;
        }

        location ~* \.svgz$ {
                add_header Cache-Control max-age=2592000;
        }

        location ~* \.(?:css|js)$ {
                add_header Cache-Control max-age=31536000;
        }

include /etc/nginx/inc/location/cross-domain-fonts.conf;

        location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
                add_header Cache-Control max-age=2592000;
        }
}
--
Silvio Siefke <[hidden email]>

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

attachment0 (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: add headers / gixy

Zhang Chao
Hi!

here is the describtion about add_header may can help you.

>  Adds the specified field to a response header provided that the response code equals 200, 201, 204, 206, 301, 302, 303, 304, 307, or 308. The value can contain variables.

> There could be several add_header directives. These directives are inherited from the previous level if and only if there are no add_header directives defined on the current level.


http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

On 13 September 2017 at 04:36:40, [hidden email] ([hidden email]) wrote:

Hi,

I've encountered a blog article on a few add header statements. I had
done a few online tests and it seems to be consistently ignoring all
add header specs. I found the tool Gixy and here the same result.
Now I ask me how do I set the Add header instructions correctly?

Thank you for help
Silvio

----

# gixy /etc/nginx/nginx.conf

==================== Results ===================

>> Problem: [add_header_redefinition] Nested "add_header" drops parent headers.
Description: "add_header" replaces ALL parent headers. See documentation: http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
Additional info: https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
Reason: Parent headers "x-frame-options", "x-xss-protection", "x-content-type-options" was dropped in current level
Pseudo config:

include /etc/nginx/sites-enabled/silviosiefke.de.conf;

server {
server_name silviosiefke.de www.silviosiefke.de;
add_header Referrer-Policy no-referrer;
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection 1; mode=block always;
add_header Strict-Transport-Security max-age=31536000 always;
add_header Cache-Control no-transform;

include /etc/nginx/inc/basic.conf;

include /etc/nginx/inc/location/expires.conf;

location ~* \.(?:manifest|appcache|html?|xml|json)$ {
add_header Cache-Control max-age=0;
}

location ~* \.(?:rss|atom)$ {
add_header Cache-Control max-age=3600;
}

location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|mp4|ogg|ogv|webm|htc)$ {
add_header Cache-Control max-age=2592000;
}

location ~* \.svgz$ {
add_header Cache-Control max-age=2592000;
}

location ~* \.(?:css|js)$ {
add_header Cache-Control max-age=31536000;
}

include /etc/nginx/inc/location/cross-domain-fonts.conf;

location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
add_header Cache-Control max-age=2592000;
}
}
--
Silvio Siefke <[hidden email]>
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx