Global_response_headers does not work


I am using version 3.2.1 of a tyk-gateway and currently trying to add global_response_headers to my API responses like this

"global_response_headers": {
          "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
          "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'; form-action 'self';",
          "X-Permitted-Cross-Domain-Policies": "none"

but unfortunately I do not see those headers in API response. What could be wrong?

Thank you!

@Andrey22l , thank you for posting your issue here.

I can’t seem to replicate your issue as I can see those responses working in the header response of my API. Can you provide your API definition?

Hi @Andrey22l Upon further checking, if you are using an Open Source gateway you need to make sure that you registered the response middleware for it to work by adding this line in your API definition:

"response_processors":[{"name": "header_injector"}]

I believe that adding this line will solve your issue.

That helped, thank you! it now works as expected