Security: __Host-Prefix cookie setting? & HTTP headers

security

#1

Hello,

I’ve looked at following threads but can’t seem to find the configuration file (nextcloud.conf) or the way to remove this from my record. I’m using version 14 and currently testing before using the system in production.

Second question is changing the HTTP header:

I used following link: https://securityheaders.com to scan my installation.

  1. https://scotthelme.co.uk/a-new-security-header-referrer-policy/
  2. https://scotthelme.co.uk/a-new-security-header-feature-policy/

Could someone please help

Threads referred:

  1. Security: "__Host-Prefix", how to fix?
  2. Security: __Host-Prefix cookie setting?

PS: I am aware about HTTP as opposed to using HTTPS but I’m waiting to geet cert for my website. Once I get it I will move to HTTPS :smile:


#2

Hello. I’m also can’t fix this damn “__Host-Prefix” security thing. Read many threads but no any of them helped much. Still having A rating on my Nextcloud 14.