I have Nginx + FastCGI for php. My server is sending duplicate headers. How to fix it?

Posted May 20, 2020 2.2k views
NginxPHPLEMPUbuntu 18.04

I am running a LEMP server with Ubuntu 18. If I curl my URL:
curl -i it shows the proper headers. But if I go to the website itself (under construction) it shows multiple headers including CSP which breaks a lot of stuff.

Could anyone help? I’ve checked every single file in /etc/nginx and I can’t figure out what is sending the duplicate header. my website/website.conf (renamed here) file lists the proper CSP and other headers I need.



These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
3 answers

That should read, “it shows multiple duplicate headers…”

^ I was heading out to lunch when I wrote that sorry.

But if I go to the website itself (under construction) it shows multiple duplicate headers including CSP which breaks a lot of stuff. (On both Firefox and Chrome dev tools…displays something like this, notice all the duplicates)

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 May 2020 20:52:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self';:       font-src 'self';:       img-src 'self';:        style-src 'self';:  :
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline'
Content-Language: en
Cache-Control: no-cache, must-revalidate, stale-while-revalidate, max-age=0, private, no-transform
Pragma: no-cache
Expires: 0

Here’s a copy of my custom.conf:

server {
        listen 80;
        root /var/www/html/xxx;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name xxx;
        add_header Content-Security-Policy "
                default-src 'self';
                font-src 'self';
                img-src 'self';
                style-src 'self';
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options DENY;
        fastcgi_pass_request_headers on;
        location / {
                try_files $uri $uri/ =404;
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        location ~ /\.ht {
                deny all;

Also, here’s something that may help I think? I followed this guide to the letter.

by Justin Ellingwood
by Mark Drake
This tutorial details the process for installing and configuring the components that constitute a LEMP stack on an Ubuntu 18.04 server, including Nginx, MySQL, and PHP. It also includes instructions for testing that these components can communicate effectively and serve your content correctly.