By default, nginx only applies headers to success responses. Security-related headers, especially CSP, should always be applied: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
By default, nginx only applies headers to success responses. Security-related headers, especially CSP, should always be applied: https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header