DanielDent / docker-nginx-ssl-proxy

SSL Front-End Proxy With Automatic Free Certificate Management
https://hub.docker.com/r/danieldent/nginx-ssl-proxy/

Security Headers not added #15

Closed hotblack74 closed 6 years ago

hotblack74 commented 6 years ago

Hi there, and thanks for a great image. That said, I do have a smaller problem where I can't seem to get my security headers to pick up.

In proxy.conf I have the following:

add_header Strict-Transport-Security "max-age=10886400";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";

Been googling around for a while now, but kind of stuck. Have the feeling it is a minor thing I am missing, but who knows.

Ideas would very much be appreciated.

DanielDent commented 6 years ago

Hi @hotblack74, I suspect what is going on for you is related to: https://www.peterbe.com/plog/be-very-careful-with-your-add_header-in-nginx

Note that those headers are all added automatically by this image.
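An added example, not part of the thread or of the image's own code: nginx inherits `add_header` directives from the enclosing level only when the current level defines none of its own, so a single `add_header` in a nested block silently drops every header set above it. The Python sketch below flags such blocks; `parse`, `dropped_headers` and the sample config are constructed for illustration.

```python
import re

# Tokens: quoted strings, braces, semicolons, comments (skipped below), bare words.
TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[{};]|#[^\n]*|[^\s{};#"\']+')

def parse(text):
    """Parse nginx-style config into nested [(words, children or None), ...]."""
    root, words = [], []
    stack = [root]
    for tok in TOKEN.findall(text):
        if tok.startswith("#"):
            continue
        if tok not in ("{", "}", ";"):
            words.append(tok.strip("\"'"))
            continue
        if tok == "{":
            stack[-1].append((words, []))
            stack.append(stack[-1][-1][1])  # descend into the new block's child list
        elif tok == "}":
            stack.pop()
        elif words:  # tok is ";": close a simple directive
            stack[-1].append((words, None))
        words = []
    return root

def dropped_headers(nodes, inherited=frozenset(), path="main"):
    """List (block path, header names lost) where a block's own add_header hides inherited ones."""
    own = {w[1].lower() for w, k in nodes if k is None and w[0] == "add_header" and len(w) > 1}
    lost = sorted(inherited - own)
    findings = [(path, lost)] if own and lost else []
    effective = frozenset(own) if own else inherited  # nginx: all-or-nothing inheritance
    for w, kids in nodes:
        if kids is not None:
            findings += dropped_headers(kids, effective, path + " > " + " ".join(w))
    return findings

# Constructed sample: the /static/ block adds one header and loses the server-level ones.
SAMPLE = '''
server {
    add_header Strict-Transport-Security "max-age=10886400";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "SAMEORIGIN";
    location / { proxy_pass http://backend; }
    location /static/ { add_header Cache-Control "public"; }
}
'''

if __name__ == "__main__":
    print(dropped_headers(parse(SAMPLE)))
```

The sketch does not follow `include` files, so run it over the full effective configuration, for example the output of `nginx -T`.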

hotblack74 commented 6 years ago

@DanielDent Thank you. I do not know how I got my error in the beginning, because you are totally right: the needed headers were already there, so by removing them altogether everything is fine.

Maybe I was using an obsolete proxy.conf example file?

Anyway, thank you for your extremely swift response.