Cloudflare with nginx stripping security headers

I am facing an issue where cloudflare is stripping off x-frame-options and CSP header from my origin server nginx. I see that through cloudflare worker we can do that but is it possible not allow cloudflare bypass the x-frame-options.

Cloudflare doesn’t mess with headers like those at all. Could you provide an example page where this happens, and include part of your nginx config that deals with adding the headers?

Hi, Thank you . Finally it worked. It was due to one single line “add header” inside location block due to which global add header were not showing.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.