Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

nginx sends duplicate header

Tags:

nginx

nginx-config

In my nginx.conf file I define a header on the http level

add_header Strict-Transport-Security "max-age=86400; includeSubDomains" always;

When I check the network response headers in chrome dev tools, it shows 2 of those headers

strict-transport-security: max-age=15552000; includeSubDomains
strict-transport-security: max-age=86400; includeSubDomains

Notes:

  • In my config file I only use add_header once.
  • I also have no include directive
  • I cannot find another nginx.conf file in the nginx-docker image

Questions:

  • Any idea where the 2nd header can come from?
    i.e. some default or some inheritance from another config file)
  • Maybe any idea how I could debug this?
like image 806
TmTron Avatar asked Feb 01 '26 23:02

TmTron

1 Answers

thanks @RichardSmith for the great comment.

  • nginx -T is really great for testing, as it will show the full configuration (with all includes, etc.)
  • curl -I also showed both headers (to make sure that the browser does not used any cache, etc.)
  • in deed the 2nd header was sent from the upstream server - and then nginx added the one I defined in the nginx.conf
like image 156
TmTron Avatar answered Feb 04 '26 02:02

TmTron
Sign in to Comment

Related questions

Docker-compose + Nginx + Certbot + Simple Django Rest Framework app
Nginx as reverse proxy: How to display a custom error page for upstream errors, UNLESS the upstream says not to?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!