From d089ba8b9de9432ed539e38543e280a47cea9fdb Mon Sep 17 00:00:00 2001
From: Christian Steinle <christiansteinle@arcor.de>
Date: Wed, 19 Jul 2023 06:01:06 +0000
Subject: [PATCH] Change webserver configuration for nextcloud.

---
 nextcloud/nextcloud.conf | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/nextcloud/nextcloud.conf b/nextcloud/nextcloud.conf
index 1abdade..ea93af3 100644
--- a/nextcloud/nextcloud.conf
+++ b/nextcloud/nextcloud.conf
@@ -26,13 +26,13 @@ server {
     #pagespeed off;
 
     # HTTP response headers borrowed from Nextcloud `.htaccess`
-    add_header Referrer-Policy                      "no-referrer"   always;
-    add_header X-Content-Type-Options               "nosniff"       always;
-    add_header X-Download-Options                   "noopen"        always;
-    add_header X-Frame-Options                      "SAMEORIGIN"    always;
-    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
-    add_header X-Robots-Tag                         "none"          always;
-    add_header X-XSS-Protection                     "1; mode=block" always;
+    add_header Referrer-Policy                      "no-referrer"       always;
+    add_header X-Content-Type-Options               "nosniff"           always;
+    add_header X-Download-Options                   "noopen"            always;
+    add_header X-Frame-Options                      "SAMEORIGIN"        always;
+    add_header X-Permitted-Cross-Domain-Policies    "none"              always;
+    add_header X-Robots-Tag                         "noindex, nofollow" always;
+    add_header X-XSS-Protection                     "1; mode=block"     always;
 
     # Remove X-Powered-By, which is an information leak
     fastcgi_hide_header X-Powered-By;
@@ -131,4 +131,4 @@ server {
     location / {
         try_files $uri $uri/ /index.php$request_uri;
     }
-}
\ No newline at end of file
+}