On 16/12/2023, Saint Michael <vene...@gmail.com> wrote: > I have a reverse proxy but for security reasons, I need to force the > client to work the closest to an Incognito session as possible. > I tried adding the following: > > proxy_set_header Cookie ""; > add_header Set-Cookie "cookie_name=; Expires=Thu, 01 Jan 1970 00:00:01 > GMT;"; } > > but it still does not work correctly. > > Is there a way to do this?
Copied from my 2013 answer at https://serverfault.com/a/467774: This can be addressed through nginx with the following directives placed within the server context: proxy_hide_header Set-Cookie; proxy_ignore_headers Set-Cookie; # important! Remember the special inheritance rules for proxy_set_header: # http://nginx.org/ru/docs/http/ngx_http_proxy_module.html#proxy_set_header proxy_set_header Cookie ""; All three directives above are very important: * proxy_hide_header ensures the header will not be passed back to the client, * proxy_ignore_headers ensures that the header will not automatically disable caching within nginx and, finally, * proxy_set_header ensures that a client cannot pass any prior cookies to the webapp and spoil your cache. Note my comment regarding proxy_set_header inheritance — you cannot nest this directive (have to define all or none at a given level). C. _______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx