To conform with security requirements, the number of add_header config lines is proliferating in the nginx config template. One of the reasons for the number is that adding a single header in a location will not merge with the parent's set of headers but overwrite them!
Therefore, all parent headers must be specified again in a child location if the latter has an additional add_header entry.
There are workarounds to this that could be considered:
most_set_headers directive - provides an alternative merge-style directive to be used instead of add_header;
include directive - putting all the add_header entries into a single file then include that file with a single-line include directive.
To conform with security requirements, the number of add_header config lines is proliferating in the nginx config template. One of the reasons for the number is that adding a single header in a location will not merge with the parent's set of headers but overwrite them!
Therefore, all parent headers must be specified again in a child location if the latter has an additional add_header entry.
There are workarounds to this that could be considered: