I have upgrade Nextcloud to 16.0.1 and everything is working perfectly with the exception of when I do a security scan I see this below in my next cloud setting.
The "Referrer-Policy" HTTP header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin" or "same-origin". This can leak referer information.
I've read through the thread looking for solutions and modifying the ngix config on my letsencrypt reverse proxy but still getting the same thing. I get that it letsencrypt and nextcloud are adding the headers twice hence why I'm getting the issue during the security & setup scan.
Anyone else getting this issue with the latest version of nextcloud?