Hello everybody. I have server with nginx in conjunction with php-fpm. In the nginx configuration (/etc / nginx/nginx.conf) to block http prescribed:
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1;mode=block";
When I open the website via http, these headers returned from the server, once switched to https and put a redirect on the version page over https, data headers the server returns. Tell me, please, why?
I checked the server's response, without typing the Protocol, the domain name and got this picture: