I have enabled gzip with
to satisfy incoming HTTP 1.0 requests.
In a very similar setup which got OWASP-evaluated, I read this - marked
“The web server sent a Vary header, which indicates that server-driven
negotiation was done to determine which content should be delivered.
may indicate that different content is available based on the headers in
IMHO this is a false positive …
This is what I send:
HTTP/1.1 200 OK
Date: Tue, 27 May 2014 17:55:23 GMT
Content-Type: text/html; charset=utf-8
What do you think?
Posted at Nginx Forum:
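
One way to triage the scanner finding quoted in the post, shown as an added example that is not part of the original post or of nginx: compare the responses received with and without `Accept-Encoding: gzip` and check whether negotiation changed anything besides the encoding. The `Vary: Accept-Encoding` value, the sample responses and the function names are assumptions made for the illustration.

```python
import gzip

def parse_vary(headers):
    """Return the lower-cased request-header names listed in Vary."""
    value = headers.get("vary", "")
    return {name.strip().lower() for name in value.split(",") if name.strip()}

def decoded_body(headers, body):
    """Undo Content-Encoding so both representations can be compared."""
    encoding = headers.get("content-encoding", "identity").lower()
    if encoding == "gzip":
        return gzip.decompress(body)
    if encoding == "identity":
        return body
    raise ValueError("unhandled Content-Encoding: " + encoding)

def triage_vary(plain, compressed):
    """Classify a Vary finding from two responses to the same URL.

    plain / compressed are (headers, body) pairs captured without and with
    'Accept-Encoding: gzip' on the request; header names are lower-cased.
    """
    vary = parse_vary(plain[0]) | parse_vary(compressed[0])
    if not vary:
        return "no-vary"
    # Anything beyond Accept-Encoding (or '*') means the server may select
    # different content per client, which needs a manual look.
    if "*" in vary or vary - {"accept-encoding"}:
        return "review: varies on " + ", ".join(sorted(vary))
    if decoded_body(*plain) == decoded_body(*compressed):
        return "encoding-only"
    return "review: content differs"

# Constructed sample responses (assumed values, not taken from the post).
PAGE = b"<html><body>hello</body></html>"
BASE = {"content-type": "text/html; charset=utf-8", "vary": "Accept-Encoding"}
PLAIN = (dict(BASE), PAGE)
GZIPPED = ({**BASE, "content-encoding": "gzip"}, gzip.compress(PAGE))
OTHER = ({**BASE, "vary": "Accept-Encoding, User-Agent"}, PAGE)

if __name__ == "__main__":
    print(triage_vary(PLAIN, GZIPPED))
    print(triage_vary(OTHER, GZIPPED))
```

A result of `encoding-only` means the two representations are byte-identical once decompressed, so the Vary header only keeps caches from serving gzip to clients that did not ask for it.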