[Solved] 14.0.3->14.0.4 & "Referrer-Policy" HTTP header Warning appears Again

Edit: I just comment out those lines in .htaccess and the warning vanishes.

i.e. It will be ideal if the upgrade process check (if possible) that users have already added this referrer-policy header to their conf before add it by default to .htaccess


-------------- Original message ------------------

Everything works fine when I was with 14.0.3

Right after upgrade to 14.0.4 an hour ago, it emerges again.

Last time, I added to apache’s website.conf the following lines to fix the issue, and it is still there.

\<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
  Header always set Referrer-Policy "no-referrer"

This time, I also checked .htaccess and see the following lines there by default

  <IfModule mod_env.c>
    # Add security and privacy related headers
    Header set X-Content-Type-Options "nosniff"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Robots-Tag "none"
    Header set X-Download-Options "noopen"
    Header set X-Permitted-Cross-Domain-Policies "none"
    Header set Referrer-Policy "no-referrer"
    SetEnv modHeadersAvailable true

I run

$ sudo apachectl -M

and it indicates that env_module is loaded.

Any idea what is wrong?


1 Like

I also had this issue. I had

Header always set Referrer-Policy "no-referrer"

in /etc/apache2/conf-available/security.conf. Replacing with

Header set Referrer-Policy "no-referrer"

and restarting Apache and the warning goes away. Now what does the “always” option do?

Exact issue here as well.

I did the same thing as you and just commented out the lines.

+1 on adding that check to the update process (if possible)

Thanks for the good tip!