Edit: I just comment out those lines in .htaccess and the warning vanishes.
i.e. It will be ideal if the upgrade process check (if possible) that users have already added this referrer-policy header to their conf before add it by default to .htaccess
Thanks
-------------- Original message ------------------
Everything works fine when I was with 14.0.3
Right after upgrade to 14.0.4 an hour ago, it emerges again.
Last time, I added to apache’s website.conf the following lines to fix the issue, and it is still there.
\<IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
Header always set Referrer-Policy "no-referrer"
\</IfModule>
This time, I also checked .htaccess and see the following lines there by default
<IfModule mod_env.c>
# Add security and privacy related headers
Header set X-Content-Type-Options "nosniff"
Header set X-XSS-Protection "1; mode=block"
Header set X-Robots-Tag "none"
Header set X-Download-Options "noopen"
Header set X-Permitted-Cross-Domain-Policies "none"
Header set Referrer-Policy "no-referrer"
SetEnv modHeadersAvailable true
</IfModule>
I run
$ sudo apachectl -M
and it indicates that env_module is loaded.
Any idea what is wrong?
Thanks