19/05/06 01:20:33.02 6m6Z5uHt0.net
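I upgraded Nextcloud from 13 all the way to 16 in one go.
After that, the following warnings started appearing on the Overview page.
I'm running CentOS 7.6 and Nginx 1.14.2,
and I do have the following items written in my nginx configuration.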
> The "X-Content-Type-Options" HTTP header is not set to "nosniff". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
> The "X-Robots-Tag" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
> The "X-Frame-Options" HTTP header is not set to "SAMEORIGIN". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
> The "X-Download-Options" HTTP header is not set to "noopen". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
> The "X-Permitted-Cross-Domain-Policies" HTTP header is not set to "none". This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.
When I test with a URL scanning tool,
for example Mozilla's (observatory.mozilla.org),
the headers above are recognized as being set.
Which one is correct?