
NGINX Security Headers Module: Complete Configuration Guide


by Danila Vershinin, February 21, 2026

Configure NGINX security headers the right way with the ngx_security_headers module. This comprehensive guide covers all directives including X-Frame-Options, Referrer-Policy, HSTS, Cross-Origin policies, and automatic header hiding. Includes installation, configuration examples, and security best practices.


NGINX max_headers: Prevent Header-Flooding DoS


by Danila Vershinin, February 8, 2026

Learn how to use the max_headers directive in nginx-mod to limit the number of HTTP request headers and protect your server from header-flooding DoS attacks. Includes installation, configuration, and testing on RHEL-based systems.


NGINX Length Hiding Module: Does It Actually Prevent BREACH Attacks?


by Danila Vershinin, February 2, 2026

The NGINX length hiding module is often recommended for BREACH attack mitigation, but security research shows it only slows attacks down rather than preventing them. Learn what actually protects against BREACH: SameSite cookies, CSRF token rotation, and proper application architecture.


NGINX CORS Configuration: The Complete Guide


by Danila Vershinin, January 24, 2026

Learn how to properly configure CORS in NGINX with this comprehensive guide. Discover why most tutorials are wrong, understand the critical `always` parameter, handle preflight requests, and implement production-ready configurations for credentials and multiple origins.


NGINX Security Headers, the right way


by Danila Vershinin, May 31, 2020

How to add NGINX security headers without configuration pitfalls and in a consistent way that will make your website safe for visitors.


NGINX HSTS: Complete Strict-Transport-Security Guide


by Danila Vershinin, August 5, 2018

Learn how to configure NGINX HSTS (Strict-Transport-Security) correctly. This comprehensive guide covers the RFC 6797 specification, preload requirements, redirect patterns for www and non-www domains, common misconfigurations, and how to avoid SSL stripping attacks with verified configurations.


How to Remove the Server Header in NGINX


by Danila Vershinin, June 24, 2018

How to hide the Server HTTP header in NGINX and more: hide the fact that you are using NGINX altogether.


Varnish and JetPack: “Error 503 Backend fetch failed” in WordPress


by Danila Vershinin, June 24, 2016

Varnish and Jetpack in WordPress may be tricky to set up properly, but it doesn’t need to be that way. Let’s tune things up and make them work well together 🙂
