Check process to insert security headers in nginx config from kong config file

I would like to know how to set up HSTS headers and security headers in the kong config file. I havent found anything yet.

There is none.

You can use response-transformer plugin to inject the header.

Hey so the response-transformer is the same as this? but for kong?To configure HSTS in Nginx, add the next entry in nginx.conf under server (SSL) directive

add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload'


If you want to do it at the Nginx-level, you could use Nginx directive injection to achieve this as well:


Same requirements, but request-transformer plugin not working for me: response-transformer global plugin not working (reliably) · Issue #7040 · Kong/kong · GitHub.

Trying to do this through nginx directives injection in the kong config instead(Configuration Reference - v1.4.x | Kong - Open-Source API Management and Microservice Management), but I don’t see how to add multiple ‘add_header’ directives, as only the last such directive in the config is processed by kong.

Edit: only that worked for now is a custom nginx template.