From 1273c763dc2179480752fd988fbe7a1d4c11672d Mon Sep 17 00:00:00 2001
From: Ossama Othman
Date: Tue, 30 Jan 2024 10:47:33 -0800
Subject: [PATCH] Add noindex and nofollow to X-Robots-Tag header.
The Nextcloud "Overview" in the Settings page flags a potential security risk due to missing "noindex" and "nofollow" in the X-Robots-Tag HTTP response header. Add them, accordingly.
---
 overlay/usr/local/etc/nginx/conf.d/nextcloud.inc | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/overlay/usr/local/etc/nginx/conf.d/nextcloud.inc b/overlay/usr/local/etc/nginx/conf.d/nextcloud.inc
index ed3655d..21e712f 100644
--- a/overlay/usr/local/etc/nginx/conf.d/nextcloud.inc
+++ b/overlay/usr/local/etc/nginx/conf.d/nextcloud.inc
@@ -15,13 +15,13 @@ gzip_types application/atom+xml application/javascript application/json applicat
 #pagespeed off;
 # HTTP response headers borrowed from Nextcloud `.htaccess`
-add_header Referrer-Policy "no-referrer" always;
-add_header X-Content-Type-Options "nosniff" always;
-add_header X-Download-Options "noopen" always;
-add_header X-Frame-Options "SAMEORIGIN" always;
-add_header X-Permitted-Cross-Domain-Policies "none" always;
-add_header X-Robots-Tag "none" always;
-add_header X-XSS-Protection "1; mode=block" always;
+add_header Referrer-Policy "no-referrer" always;
+add_header X-Content-Type-Options "nosniff" always;
+add_header X-Download-Options "noopen" always;
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Permitted-Cross-Domain-Policies "none" always;
+add_header X-Robots-Tag "noindex, nofollow" always;
+add_header X-XSS-Protection "1; mode=block" always;
 # Remove X-Powered-By, which is an information leak
 fastcgi_hide_header X-Powered-By;
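Review bot: The switch from `"none"` to `"noindex, nofollow"` on the X-Robots-Tag line carries no comment, and because crawlers such as Google document `none` as equivalent to `noindex, nofollow`, a later cleanup could revert it and bring the Nextcloud warning back; add `# Spelled out instead of "none": the Nextcloud Overview check flags the header when these tokens are missing` above that line. The other six removed/added pairs look textually identical in this view, so they presumably change only alignment, which would be easier to review as a separate commit. The rest of nextcloud.inc is outside the hunk: if any `location` block there sets its own `add_header`, nginx does not inherit the headers defined at this level into it, so confirm they still appear on responses served from those locations. X-Robots-Tag is only advisory to well-behaved crawlers and is not an access control, so it should not be relied on to keep the instance private.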