I'm facing something strange, I have set the following headers in Nginx to return:
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
X-Firefox-Spdy: h2
x-frame-options: SAMEORIGIN
x-xss-protection: 1

But I only get them when I browse root of my website, but if I go to https://website.com/subPage

those headers are not returned, now I did set them only on
"location / {}"

Any other headers I am missing that needs to be set?

in nginx, but how do I force it on all sub pages, or there is no need?