summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuilhem Moulin <guilhem@fripost.org>2016-12-13 20:36:38 +0100
committerGuilhem Moulin <guilhem@fripost.org>2016-12-13 20:36:38 +0100
commit63b76b4deee43d586ee741415d03f5962e5fafc8 (patch)
treec50aa05d477723f605b7f7f4fe880030df780f98
parentb0869dd3b4e6f72060185b32f19d28351b560998 (diff)
nginx: set Referrer-Policy HTTP header to "no-referrer".
-rw-r--r--roles/common-web/files/etc/nginx/snippets/headers.conf1
1 files changed, 1 insertions, 0 deletions
diff --git a/roles/common-web/files/etc/nginx/snippets/headers.conf b/roles/common-web/files/etc/nginx/snippets/headers.conf
index 60e5ace..798a151 100644
--- a/roles/common-web/files/etc/nginx/snippets/headers.conf
+++ b/roles/common-web/files/etc/nginx/snippets/headers.conf
@@ -1,4 +1,5 @@
# https://securityheaders.io/
+add_header Referrer-Policy no-referrer;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";