In the admin manual sample nginx configuration the following headers are set in the server block: add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies…

[image] JonSmith: Why do we have to set them twice? See here: [image] Mistake in nginx config from documentation? ℹ️ Support The nginx documentation ( https://docs.nextcloud.com/server/12/admin_manual/installation/nginx.html ) shows a lot of headers that we can add: …

[image] JonSmith: And why is there no “always” at the end of each line? You are right, this would be more secure. Therefore this will be added with the next major release NC17 (Beta 2 already available). [image] JonSmith: Why do we have to set them twice? I don’t know the answer to t…

Add_header twice in nginx vHost?

ℹ️ Support

Bernie_O August 27, 2019, 10:53pm 3

See here: