Webserver: Apache 2.4.25
OS: Debian Stretch
Get error “Referrer-Policy” not right in Nextcloud Dashboard on Security issues.
- the error accoured now again with Update from 17 -> 18
- before (I think with NC14 or so) the error ocurred already once and I put the headers section in Apache config, then it was ok
- I read all related topics in the forum, that suggest a lot of things, all did not work
- required mods are enabled
- apache config as follws (with alias, not as vhost, but same for all domains):
<IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" Header always set Referrer-Policy "no-referrer" Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav Redirect 301 /.well-known/webfinger /nextcloud/public.php?service=webfinger Redirect 301 /ocm-provider/ /nextcloud/ocm-provider/ Redirect 301 /ocs-provider/ /nextcloud/ocs-provider/ </IfModule>
- tried to unset it in .htaccess for not doubling, no effect
- the worst is, that on https://securityheaders.com/ I get, that everything seems to be fine!?
Any more suggestions? Thanks in advance.