What do you mean by header settings?
The setup is the following.
In front of Nextcloud I have an nginx reverse proxy that connects to the Nextcloud server running Apache.
Then ONLYOFFICE is running on a Debian machine (as Nextcloud is running on OmniOS) and ONLYOFFICE is also in front of the nginx reverse proxy.
So maybe it's this you need:
GET
https://flupke.homeunix.org/apps/files_reader/js/plugin.js [HTTP/2.0 200 OK 0ms]
Content Security Policy: Ignoring "'unsafe-inline'" within script-src or style-src: nonce-source or hash-source specified (unknown)
Content Security Policy: Directive 'frame-src' has been deprecated. Please use directive 'child-src' instead. (unknown)
Content Security Policy: The page's settings blocked the loading of a resource at self ("script-src 'nonce-SkRVcWhBUnY5TS9vVlQwS1dJdUZraU1LemlyRHI3bTQ3TEs2S0V6enFOTT06U2w5NDkwd0FyZmVzWkF4bkZiTEN5MFJmdUIrczQ1TDBoOXp5R0hYYy9wUT0=' https://office9800.homeunix.org/ 'unsafe-inline' 'unsafe-eval'"). Source: ;!function(){var t=0,e=function(t,e){ret… 72735:1
JQMIGRATE: Migrate is installed, version 1.4.0 core.js:7:542
GET
https://flupke.homeunix.org/core/search/js/search.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/apporder/js/apporder.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/files_pdfviewer/js/previewplugin.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/index.php/js/core/merged-share-backend.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/files_reader/js/plugin.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/files_videoplayer/js/viewer.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/index.php/js/notifications/merged.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/workin2gether/js/workin2gether_v3.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/core/js/jquery-ui-fixes.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/core/js/files/fileinfo.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/core/js/files/client.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/core/js/contactsmenu.js [HTTP/2.0 200 OK 0ms]
GET
https://flupke.homeunix.org/apps/onlyoffice/js/editor.js [HTTP/2.0 200 OK 34ms]
Accept-Ranges: bytes
Cache-Control: max-age=15778463
Content-Encoding: gzip
Content-Length: 1464
Content-Type: application/javascript
Date: Tue, 09 Jan 2018 08:20:44 GMT
Etag: "eb2-560eef49a0e53-gzip"
Last-Modified: Fri, 22 Dec 2017 14:51:45 GMT
Server: None of Your Business
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff, nosniff, nosniff
X-Firefox-Spdy: h2
X-Frame-Options: DENY
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block, 1; mode=block
x-download-options: noopen
x-permitted-cross-domain-policies: none

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_music_volume=75; ocgit2mwvy4k=8ab3h8bol51af8ema0kahca55l; oc_sessionPassphrase=t3uto7t4Phhv4Wm3%2BSXH716ukKAbsJAclqA8yPWbXUWP6NvzGB1Io%2BrIeITR6bbB4OarP8uDX4EhPyrKdzJ%2FaexMRJabQtWIaxycejhpA92YuRGYdjyP3Ly3mQCzRzxO
Host: flupke.homeunix.org
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0
GET
https://flupke.homeunix.org/index.php/apps/theming/js/theming [HTTP/2.0 200 OK 0ms]
GET
XHR
https://flupke.homeunix.org/index.php/apps/onlyoffice/ajax/config/72735 [HTTP/2.0 200 OK 144ms]
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Content-Length: 513
Content-Type: application/json; charset=utf-8
Date: Tue, 09 Jan 2018 08:20:44 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: None of Your Business
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff, nosniff, nosniff
X-Firefox-Spdy: h2
X-Frame-Options: SAMEORIGIN, DENY
X-Powered-By: PHP/7.1.12
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block, 1; mode=block
content-security-policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'nonce-a3NPbHRxcTg3ZXczOGFIelVjejBZSGxNMEttNkdPd2MxZ1cyQVBPdnhpVT06L0tuM3hlTFR0TlJ6d0pDZUhQV3pPUjRacHB6VlZNZFF2V3YrTU1xQWtHST0=' 'unsafe-eval';style-src 'self' blob: 'unsafe-inline';img-src 'self' data: blob: https://source.unsplash.com https://images.unsplash.com;font-src 'self';connect-src 'self';media-src 'self' data:;frame-src 'self';child-src 'self'
x-download-options: noopen
x-permitted-cross-domain-policies: none

Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: nc_sameSiteCookielax=true; nc_sameSiteCookiestrict=true; __Host-nc_sameSiteCookielax=true; __Host-nc_sameSiteCookiestrict=true; oc_music_volume=75; ocgit2mwvy4k=8ab3h8bol51af8ema0kahca55l; oc_sessionPassphrase=t3uto7t4Phhv4Wm3%2BSXH716ukKAbsJAclqA8yPWbXUWP6NvzGB1Io%2BrIeITR6bbB4OarP8uDX4EhPyrKdzJ%2FaexMRJabQtWIaxycejhpA92YuRGYdjyP3Ly3mQCzRzxO
Host: flupke.homeunix.org
OCS-APIREQUEST: true
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0
X-Requested-With: XMLHttpRequest
requesttoken: JDUqhARv9M/oVT0KWIuFkiMKzirDr7m47LK6KEzzqNM=:Sl9490wArfesZAxnFbLCy0RfuB+s45L0h9zyGHXc/pQ=
Synchronous XMLHttpRequest on the main thread is deprecated because of its detrimental effects to the end user's experience. For more help http://xhr.spec.whatwg.org/ core.js:4:14346
GET
XHR
https://flupke.homeunix.org/index.php/apps/apporder/getOrder [HTTP/2.0 200 OK 92ms]
GET
XHR
https://flupke.homeunix.org/ocs/v2.php/apps/notifications/api/v2/notifications [HTTP/2.0 200 OK 129ms]
POST
XHR
https://flupke.homeunix.org/index.php/apps/workin2gether/ajax/getcolor.php [HTTP/2.0 200 OK 102ms]
POST
XHR
https://flupke.homeunix.org/index.php/apps/workin2gether/ajax/getcolor.php [HTTP/2.0 200 OK 110ms]
GET
https://office9800.homeunix.org/web-apps/apps/documenteditor/main/index.html [HTTP/2.0 302 Found 27ms]
GET
https://office9800.homeunix.org/2017-12-07-11-28/web-apps/apps/documenteditor/main/index.html [HTTP/2.0 200 OK 31ms]
Cache-Control: max-age=31536000
Content-Encoding: gzip
Content-Type: text/html
Date: Tue, 09 Jan 2018 08:20:45 GMT
Etag: W/"5a2925e4-2dc8"
Expires: Wed, 09 Jan 2019 08:20:45 GMT
Last-Modified: Thu, 07 Dec 2017 11:28:36 GMT
Server: None of Your Business
Strict-Transport-Security: max-age=15768000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff, nosniff
X-Firefox-Spdy: h2
X-Frame-Options: SAMEORIGIN, DENY
X-XSS-Protection: 1; mode=block

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: _ym_uid=15139769841027519395; _ga=GA1.3.256061103.1513976986
Host: office9800.homeunix.org
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; SunOS i86pc; rv:52.0) Gecko/20100101 Firefox/52.0
Load denied by X-Frame-Options: https://office9800.homeunix.org/2017-12-07-11-28/web-apps/apps/documenteditor/main/index.html?_dc=2017-12-07-11-28&lang=en&customer=ONLYOFFICE&frameEditorId=iframeEditor does not permit cross-origin framing. (unknown)
[Passman extension] Stopping, vault key not set inject.js:388:21
GET
XHR
https://flupke.homeunix.org/ocs/v2.php/apps/notifications/api/v2/notifications [HTTP/2.0 200 OK 149ms]
GET
XHR
https://flupke.homeunix.org/ocs/v2.php/apps/notifications/api/v2/notifications [HTTP/2.0 200 OK 166ms]
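
The "Load denied by X-Frame-Options" line in the log above can be reproduced from the editor response's headers. The following is an added example, not part of the original post: a simplified JavaScript model of the browser's X-Frame-Options check, using header values copied from the log and assuming the framing page is the Nextcloud origin; the function names are hypothetical.

```javascript
// Added example (not from the original post): simplified model of a browser's
// X-Frame-Options check. CSP frame-ancestors and nested ancestors are ignored.

// Header values copied from the ONLYOFFICE editor response in the log above.
const editorResponse = {
  url: "https://office9800.homeunix.org/2017-12-07-11-28/web-apps/apps/documenteditor/main/index.html",
  headers: {
    "X-Content-Type-Options": "nosniff, nosniff",
    "X-Frame-Options": "SAMEORIGIN, DENY",
    "X-XSS-Protection": "1; mode=block",
  },
};
// Assumption: the framing page is served from the Nextcloud origin seen in the log.
const parentUrl = "https://flupke.homeunix.org/";

// Repeated header lines are joined with commas; split them back apart.
function splitValues(value) {
  return value.split(",").map((v) => v.trim().toLowerCase()).filter(Boolean);
}

// Decide whether parentUrl may frame a response that carries the given XFO value.
function framingDecision(xfo, frameUrl, parentUrl) {
  if (xfo === undefined) return { allowed: true, reason: "no X-Frame-Options" };
  const values = new Set(splitValues(xfo));
  const known = ["deny", "sameorigin", "allowall"];
  if (values.size > 1 && known.some((k) => values.has(k))) {
    return { allowed: false, reason: "conflicting values" };
  }
  if (values.has("deny")) return { allowed: false, reason: "deny" };
  if (values.has("sameorigin")) {
    const same = new URL(frameUrl).origin === new URL(parentUrl).origin;
    return { allowed: same, reason: same ? "same origin" : "cross-origin parent" };
  }
  return { allowed: true, reason: "no recognised restriction" };
}

// Single-valued security headers that carry several values were set more than once.
const SINGLE_VALUED = ["x-frame-options", "x-content-type-options", "x-xss-protection"];
function repeatedHeaders(headers) {
  return Object.entries(headers)
    .filter(([name]) => SINGLE_VALUED.includes(name.toLowerCase()))
    .filter(([, value]) => splitValues(value).length > 1)
    .map(([name]) => name);
}

console.log(repeatedHeaders(editorResponse.headers));
console.log(framingDecision(editorResponse.headers["X-Frame-Options"], editorResponse.url, parentUrl));
// What remains if only the extra DENY were dropped: still blocked, different origins.
console.log(framingDecision("SAMEORIGIN", editorResponse.url, parentUrl));
```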