Tweet

December 13, 2019 at 5:09:57 PM

Braindump without checking the details or looking for best practices: I’d say it doesn’t matter for HSTS, CSP and x-frame-options as long as they reach the client. X-Forwarded-* should be set at nginx to pass valid information about the client connections to the upstreams.

(original)