Link Search Menu Expand Document
Table of contents

Basic custom add_header example

server {
    listen 80;
    server_name 198.255.25.1;
    root /sites/demo; 

    location = /thumb.png {
        add_header my_header "hello world";
        # test the custom header: curl https://domain.com/thumb.png
        # get response header: `my_header: hello world`
        add_header Cache_Control public;
        add_header Pragma public;
        add_header Vary Accept-Enconding;
        expires 60m; # case sensitive M/m: 1M = 1 month, 60m = 60 minutes; 
    }

    location ~* \.(css|js|jpg|png) {
        access_log off; # No log on static request 
    }
}

General HTTP headers

  add_header Access-Control-Allow-Origin *;
  add_header X-Frame-Options SAMEORIGIN; # CORS header, same origin
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
  add_header Last-Modified $date_gmt;

CROS - simple requests

  location / {
        if ($request_method ~* "(GET|POST)") {
                add_header "Access-Control-Allow-Origin"  *;
                }
          }

Preflight request

  if ($request_method = OPTIONS ) {
        add_header "Access-Control-Allow-Origin"  *;
        add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
        add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept";
    return 200;
  }

Server block example

    server {
        listen 80;
        server_name 198.255.25.1;
        root /sites/demo; 

        location = /thumb.png {
            add_header my_header "hello world";
            add_header Cache_Control public;
            add_header Pragma public;
            add_header Vary Accept-Enconding;
            expires 60m; 
            # max-age is relating to expires;
            # 1M = 1 month, 60m = 60 minutes; 
        }

        location ~* \.(css|js|jpg|png) {
            access_log off; 
        }
    }