<IfModule mod_env.c>
# Add security and privacy related headers
+
+ # Avoid doubled headers by unsetting headers in "onsuccess" table,
+ # then add headers to "always" table: https://github.com/nextcloud/server/pull/19002
+ Header onsuccess unset Referrer-Policy
Header always set Referrer-Policy "no-referrer"
+
+ Header onsuccess unset X-Content-Type-Options
Header always set X-Content-Type-Options "nosniff"
+
+ Header onsuccess unset X-Download-Options
Header always set X-Download-Options "noopen"
+
+ Header onsuccess unset X-Frame-Options
Header always set X-Frame-Options "SAMEORIGIN"
+
+ Header onsuccess unset X-Permitted-Cross-Domain-Policies
Header always set X-Permitted-Cross-Domain-Policies "none"
+
+ Header onsuccess unset X-Robots-Tag
Header always set X-Robots-Tag "none"
+
+ Header onsuccess unset X-XSS-Protection
Header always set X-XSS-Protection "1; mode=block"
+
SetEnv modHeadersAvailable true
</IfModule>
projects / nextcloud-server.git / commitdiff