I am running a LEMP server with Ubuntu 18. If I curl my URL:
curl -i thexeno.com it shows the proper headers. But if I go to the website itself (under construction) it shows multiple headers including CSP which breaks a lot of stuff.

Could anyone help? I’ve checked every single file in /etc/nginx and I can’t figure out what is sending the duplicate header. my website/website.conf (renamed here) file lists the proper CSP and other headers I need.



These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

3 answers

That should read, “it shows multiple duplicate headers…”

^ I was heading out to lunch when I wrote that sorry.

But if I go to the website itself (under construction) it shows multiple duplicate headers including CSP which breaks a lot of stuff. (On both Firefox and Chrome dev tools…displays something like this, notice all the duplicates)

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 20 May 2020 20:52:45 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: default-src 'self';:       font-src 'self';:       img-src 'self';:        style-src 'self';:  :
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: default-src 'self';script-src 'self' 'unsafe-eval' 'unsafe-inline';style-src 'self' 'unsafe-inline'
Content-Language: en
Cache-Control: no-cache, must-revalidate, stale-while-revalidate, max-age=0, private, no-transform
Pragma: no-cache
Expires: 0

Here’s a copy of my custom.conf:

server {
        listen 80;
        root /var/www/html/xxx;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name xxx;
        add_header Content-Security-Policy "
                default-src 'self';
                font-src 'self';
                img-src 'self';
                style-src 'self';
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options DENY;
        fastcgi_pass_request_headers on;
        location / {
                try_files $uri $uri/ =404;
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        location ~ /\.ht {
                deny all;

Also, here’s something that may help I think? I followed this guide to the letter. https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-ubuntu-18-04

by Justin Ellingwood
by Mark Drake
This tutorial details the process for installing and configuring the components that constitute a LEMP stack on an Ubuntu 18.04 server, including Nginx, MySQL, and PHP. It also includes instructions for testing that these components can communicate effectively and serve your content correctly.
Submit an Answer