It is likely that our nginx configuration duplicates what is already set in some baseline configuration. Not only are the response headers now repeated, some of them set conflicting values.
Strict-Transport-Security: max-age=15768000
Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=60; includeSubDomains; preload
Vary: Accept-Encoding
Vary: Accept-Language
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
This list can be re-generated and any fixes can be verified with the following command:
curl --head https://scancer.org | sort
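To make that verification mechanical, here is an added example (not part of the original report) that labels every repeated header name as a conflict, an exact duplicate, or a legitimate list. The function name `classify_headers` and the `LIST_HEADERS` variable are assumptions; `Vary` is treated as list-valued because several `Vary` lines combine into one list rather than contradict each other.

```shell
#!/bin/sh
# Added example: label every response header name that appears more than once.
# Reads raw headers on stdin, prints "<class> <name> <count>" per repeated name:
#   conflict  - same header sent with different values
#   duplicate - same header sent repeatedly with one identical value
#   list      - list-valued header split across lines (legitimate)
# LIST_HEADERS (assumed knob): comma-separated lowercase names treated as lists.
classify_headers() {
    awk -v lists="${LIST_HEADERS:-vary}" '
    BEGIN { n = split(lists, l, ","); for (i = 1; i <= n; i++) is_list[l[i]] = 1 }
    {
        sub(/\r$/, "")                       # curl prints CRLF line endings
        p = index($0, ":")
        if (p < 2) next                      # status line or blank line
        name = tolower(substr($0, 1, p - 1)) # header names are case-insensitive
        value = substr($0, p + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", value)
        count[name]++
        if (!((name, value) in seen)) { seen[name, value] = 1; distinct[name]++ }
    }
    END {
        for (name in count) {
            if (count[name] < 2) continue
            if (name in is_list) class = "list"
            else if (distinct[name] > 1) class = "conflict"
            else class = "duplicate"
            print class, name, count[name]
        }
    }' | sort
}

# The header lines from the listing above, replayed so the check runs offline.
sample_headers() {
    cat <<'EOF'
Strict-Transport-Security: max-age=15768000
Strict-Transport-Security: max-age=31536000
Strict-Transport-Security: max-age=60; includeSubDomains; preload
Vary: Accept-Encoding
Vary: Accept-Language
X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-XSS-Protection: 1; mode=block
EOF
}

sample_headers | classify_headers
# Live check: curl --silent --head https://scancer.org | classify_headers
```

Once the nginx configuration is fixed, the live check should print nothing except possibly the `list vary` line.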