Nextcloud-Version: 18.0.3
Webserver: Apache 2.4.25
OS: Debian Stretch
Get error “Referrer-Policy” not right in Nextcloud Dashboard on Security issues.
- the error accoured now again with Update from 17 -> 18
- before (I think with NC14 or so) the error ocurred already once and I put the headers section in Apache config, then it was ok
- I read all related topics in the forum, that suggest a lot of things, all did not work
- required mods are enabled
- apache config as follws (with alias, not as vhost, but same for all domains):
<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set Referrer-Policy "no-referrer"
Redirect 301 /.well-known/carddav /nextcloud/remote.php/dav
Redirect 301 /.well-known/caldav /nextcloud/remote.php/dav
Redirect 301 /.well-known/webfinger /nextcloud/public.php?service=webfinger
Redirect 301 /ocm-provider/ /nextcloud/ocm-provider/
Redirect 301 /ocs-provider/ /nextcloud/ocs-provider/
</IfModule>
- tried to unset it in .htaccess for not doubling, no effect
- the worst is, that on https://securityheaders.com/ I get, that everything seems to be fine!?
Any more suggestions? Thanks in advance.