Edit: I just comment out those lines in .htaccess and the warning vanishes.
i.e. It will be ideal if the upgrade process check (if possible) that users have already added this referrer-policy header to their conf before add it by default to .htaccess
-------------- Original message ------------------
Everything works fine when I was with 14.0.3
Right after upgrade to 14.0.4 an hour ago, it emerges again.
Last time, I added to apache’s website.conf the following lines to fix the issue, and it is still there.
\<IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains" Header always set Referrer-Policy "no-referrer" \</IfModule>
This time, I also checked .htaccess and see the following lines there by default
<IfModule mod_env.c> # Add security and privacy related headers Header set X-Content-Type-Options "nosniff" Header set X-XSS-Protection "1; mode=block" Header set X-Robots-Tag "none" Header set X-Download-Options "noopen" Header set X-Permitted-Cross-Domain-Policies "none" Header set Referrer-Policy "no-referrer" SetEnv modHeadersAvailable true </IfModule>
$ sudo apachectl -M
and it indicates that env_module is loaded.
Any idea what is wrong?