Referrer policy warning still showing up even when changed

robertkwild · January 31, 2019, 9:42pm

hi all,

i have a warning on my nextcloud server 1406

The “Referrer-Policy” HTTP header is not set to “no-referrer”, “no-referrer-when-downgrade”, “strict-origin”, “strict-origin-when-cross-origin” or “same-origin”.

but i have added this in my “/etc/httpd/conf.d/ssl.conf”

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" Header always set Referrer-Policy "no-referrer; no-referrer-when-downgrade; strict-origin; strict-origin-when-cross-origin"

i then restarted apache (httpd) but the warning is still there

isnt this the right place to add it in ie ssl.conf?

cheers,
rob

robertkwild · February 2, 2019, 1:04am

sorted -

vi /etc/httpd/conf.d/ssl.conf

Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" Header always set Referrer-Policy "no-referrer" Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set X-Robots-Tag "none" Header set X-Download-Options "noopen" Header set X-Permitted-Cross-Domain-Policies "none" SetEnv modHeadersAvailable true

NextUser · February 2, 2019, 8:52am

This is a bug,

My Apache vhost is ok and I get a A+ here but Nextcloud is still complaining about “Referrer-Policy”