Nginx
Elizabeth Lawrence, 2019-03-26 23:33:12

Why are X-Content-Type-Options, X-XSS-Protection headers not returned on https?

Hello everybody. I have an nginx server in conjunction with php-fpm. In the nginx config (etc/nginx/nginx.conf) in the http block I wrote:

add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1;mode=block";

When my site was opened via http, these headers were returned from the server. As soon as I switched to https and set a redirect, the server does not return these headers on the https version of the page. Tell me, please, why?
I checked the server response by entering the domain name without protocol and got this picture:
5c9a8c6a94766881460075.png


1 answer(s)
dodo512, 2019-03-26
@Svoeobraznaya

nginx.org/ru/docs/http/ngx_http_headers_module.htm...
The server block for https has an add_header Strict-Transport-Security, so directives from the previous level are not inherited.
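
A check for the inheritance rule described in the answer, as an added example that is not part of the original thread or of nginx itself: it walks a config and reports blocks whose own add_header makes them lose headers set on an outer level. The sample config, the max-age value and the function names are constructed for illustration, and include files are assumed to be already inlined.

```python
import re

# Constructed config mirroring the question (max-age value is a placeholder).
SAMPLE_CONF = """
http {
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1;mode=block";
    server { listen 80; return 301 https://$host$request_uri; }
    server {
        listen 443 ssl;
        add_header Strict-Transport-Security "max-age=31536000";
        location / { root /var/www/html; }
    }
}
"""
# Comments, quoted strings, structural characters, bare words.
TOKEN = re.compile(r'#[^\n]*|"[^"]*"|\'[^\']*\'|[{};]|[^\s{};"\']+')

def parse(conf):
    """Build a tree of blocks, recording add_header names declared at each level."""
    root = {"name": "main", "own": set(), "children": []}
    stack, words = [root], []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue
        if tok == ";":
            if len(words) >= 2 and words[0] == "add_header":
                stack[-1]["own"].add(words[1].strip("\"'"))
            words = []
        elif tok == "{":
            node = {"name": " ".join(words), "own": set(), "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
            words = []
        elif tok == "}":
            stack.pop()
        else:
            words.append(tok)
    return root

def dropped_headers(node, inherited=frozenset(), path=""):
    """Map block path -> headers set on an outer level that this block no longer sends."""
    here = f"{path} > {node['name']}".strip(" >")
    lost = inherited - node["own"] if node["own"] else set()
    findings = {here: sorted(lost)} if lost else {}
    # nginx inherits add_header from the outer level only if this level declares none.
    effective = node["own"] or inherited
    for child in node["children"]:
        findings.update(dropped_headers(child, effective, here))
    return findings

if __name__ == "__main__":
    print(dropped_headers(parse(SAMPLE_CONF)))
```

A reported block stops being flagged once it repeats the outer-level add_header lines next to its own, either written out or pulled in from a shared include file.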
