Warnings in the configuration Nextcloud

caio1007 · 19 November 2022 14:43

curl -IL https://your.domain/
curl -IL https://your.domain/nextcloud/
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 19 Nov 2022 14:38:16 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 612
Last-Modified: Fri, 15 Apr 2022 21:33:34 GMT
Connection: keep-alive
ETag: "6259e4ae-264"
Strict-Transport-Security: max-age=31536000
Accept-Ranges: bytes

HTTP/1.1 302 Found
Server: nginx
Date: Sat, 19 Nov 2022 14:38:16 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: oc_sessionPassphrase=yaxG4hzHzr0PCPDSkjrDj4Ir90m%2BYI8LBcn3PsSj8Kj7pNBYPhDyMJZo84TrSn%2FSQgRGw4VCQO1BytjykhJlwBJERPjvJ6x%2F%2BgAscdMwY0A8aM2F2Iv%2BEt5rAdOK1OJY; path=/nextcloud; secure; HttpOnly; SameSite=Lax
Content-Security-Policy: default-src 'self'; script-src 'self' 'nonce-SFJNeHg2VlB1VFU5K29lcXM3bmlOOVpyd1pYVmpBYlkwVDBSZzBQaWx2bz06Y1hSamhzZ2Z3WFJsemFpWis5cUlSYkVUdU1hZjlsNzM2VmRjeXhEVTJjMD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Set-Cookie: ocpz43zbdqc8=g1k1ulcrf4mdplo2gf47lt3kei; path=/nextcloud; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: https://your.domain/nextcloud/login
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 19 Nov 2022 14:38:16 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 13355
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: oc_sessionPassphrase=dl07UtmB5I2ML4MWAdniRvhT61gG09H5Pj1U03qnk%2FxBDSZJ4dePXvHO8%2Fock4bu8aZgKNcWKZbMDaBi7fI9%2Bdd85LaLEFJj3Yj1Bz6rj2TlrWcNwjD09GW3jcKVq8lE; path=/nextcloud; secure; HttpOnly; SameSite=Lax
Set-Cookie: nc_sameSiteCookielax=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax
Set-Cookie: nc_sameSiteCookiestrict=true; path=/nextcloud; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict
Set-Cookie: ocpz43zbdqc8=57rvbj427n49or6n7rgkksvl1h; path=/nextcloud; secure; HttpOnly; SameSite=Lax
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-Control: no-cache, no-store, must-revalidate
X-Request-Id: KxtkqeWo1wkQQzqi0XL9
Content-Security-Policy: default-src 'none';base-uri 'none';manifest-src 'self';script-src 'self';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src 'self' data:;connect-src 'self';media-src 'self';frame-src 'self';frame-ancestors 'self';form-action 'self'
Feature-Policy: autoplay 'self';camera 'none';fullscreen 'self';geolocation 'none';microphone 'none';payment 'none'
X-Robots-Tag: none
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-Robots-Tag: none
X-XSS-Protection: 1; mode=block