diff --git a/src/nginxconfig.ejs b/src/nginxconfig.ejs
index 5c56bf141..93939991a 100644
--- a/src/nginxconfig.ejs
+++ b/src/nginxconfig.ejs
@@ -88,6 +88,9 @@ server {
     ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256;
     ssl_prefer_server_ciphers off;
 
+    # some apps have underscores in headers. this is apparently disabled by default because of some legacy CGI compat
+    underscores_in_headers on;
+
 <% if (endpoint !== 'ip' && endpoint !== 'setup') { -%>
     # dhparams is generated only after dns setup
     ssl_dhparam /home/yellowtent/platformdata/dhparams.pem;