Security scan x-policy vs google advs

related to The "Referrer-Policy" HTTP header is not set to "no-referrer"

Clearly, who is telling the true ?? A+ for one side, D+ for the other !!!

The x-frame X-content policies are not handles the same way !

Hopefully, my server is a fully home made rig using debian and apache2. So i know what i am doing, witch is clearly not the case for one of the automatic tester

How did you end up with a score of 40/100?! NC15 brings 110/100 by default config (with web server config from the documentation).
Looks like you are using a badly configured proxy or something which terminates the headers from Nextcloud.

My post which you linked there is talking about another topic and setting up additional headers, but these additional headers just increase the score to 120/100.

With security test from NC, i score a A+, with ssl labs, a A+, with google test, a D+, with securia a C-, and so on …

When i check my files, at least, i know what i am doing …

These are different tests, testing for different technologies.

I see. I’m sorry for disturbing.

exactly, you’re not distubing.

These are different tests, testing for different technologies.

Unfortunatly, peoples ( some of them) focus on those test …