Duplicate headers when curl'ing REST API

They say a picture is worth a thousand words…

❯ curl -sS -I --oauth2-bearer "$BUILDKITE_API_TOKEN" --url https://api.buildkite.com/v2/organizations/myorg/pipelines/mypipeline/builds | sort| uniq -dc
   2 strict-transport-security: max-age=31536000; includeSubDomains; preload
   2 x-content-type-options: nosniff
   2 x-frame-options: SAMEORIGIN

This shows that the headers strict-transport-security, x-content-type-options, and x-frame-options are being sent to the client twice.

Since they are identical, there is no harm. But it is a waste and looks unprofessional.


Hey @docwhat ,

First of all welcome to our Buildkite community.

Thank you for sharing this feedback around headers being sent twice to the client in the API response. We will look into this and get this addressed.


Hey @docwhat,

I’m Jordan, an engineer on the Pipelines team. Thanks for raising this with us! We’ll have this looked at and remedied.