Htacces security settings not recognised

Nextcloud version 13.0.5
PHP version 7.2.8

The issue you are facing:

Our Nextcloud installation reports a couple of security warnings regarding apache headers. Our hosting provider checked this out and the server’s headers seem to be configured correctly.

Example cURL call:

HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Jul 2018 18:18:03 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 7656
Connection: keep-alive
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Robots-Tag: none
X-Download-Options: noopen
X-Permitted-Cross-Domain-Policies: none

Cache-Control: no-cache, no-store, must-revalidate
Content-Security-Policy: default-src ‘none’;base-uri ‘none’;manifest-src ‘self’;script-src ‘self’ ‘unsafe-eval’;style-src ‘self’ ‘unsafe-inline’;img-src ‘self’ data: blob:;font-src ‘self’;connect-src ‘self’;media-src ‘self’
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff

It seems NextCloud is not interpreting the header settings correctly which results in ‘false’ security warnings.

Many thanks in advance!