In my Nginx setup, I used the following add header configurations. But when I check my site JS and CSS resources header, it's not added these add_header configurations to HTTP header. What's missing in my configuration? When I check home page and post pages URL's header, I can see the following add_header configurations.
add_header Cache-Control "public, max-age=31536000, s-maxage=3600, proxy-revalidate";
add_header X-Cache $upstream_cache_status;
add_header Referrer-Policy: strict-origin-when-cross-origin;
add_header X-DNS-Prefetch-Control On;
add_header "Access-Control-Allow-Origin" "*";
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
This is my server block file. Above add_header configurations are saved on include vhost.d/*.conf; directory.
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name site.com www.site.com;
# WebinolySSLstart
ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/site.com/chain.pem;
# WebinolySSLend
access_log on;
error_log /var/log/nginx/site.com.error.log;
access_log /var/log/nginx/site.com.access.log;
root /var/www/site.com/htdocs;
index index.php index.html index.htm;
include common/auth.conf;
# WebinolyCustom
#fast-cgi cache
include cachekeys/site.conf;
# WebinolyCustomEnd
include common/wpfc.conf;
include common/wpcommon.conf;
include common/locations.conf;
include common/headers-http.conf;
include common/headers-https.conf;
include common/headers-html.conf;
include common/yoast-sitemap.conf;
include /var/www/site.com/*-nginx.conf;
#my custom configurations.
include custom/sql-attack.conf;
include vhost.d/*.conf;
}
