Our Information Security Team wants us to add some custom HTTP headers to GitLab. But when we tried to add in gitlab-http.conf, we could not see the headers in response. When we tried to add nginx proxy header part in gitlab.rb, site did not work. Do you have any ideas to add these headers?
Headers we must add are below:
Content Security Policy (CSP)
HTTP Public Key Pinning Extension (HPKP)
Accept-Ranges HTTP Header