From 63b76b4deee43d586ee741415d03f5962e5fafc8 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 13 Dec 2016 20:36:38 +0100 Subject: nginx: set Referrer-Policy HTTP header to "no-referrer". --- roles/common-web/files/etc/nginx/snippets/headers.conf | 1 + 1 file changed, 1 insertion(+) (limited to 'roles/common-web/files/etc') diff --git a/roles/common-web/files/etc/nginx/snippets/headers.conf b/roles/common-web/files/etc/nginx/snippets/headers.conf index 60e5ace..798a151 100644 --- a/roles/common-web/files/etc/nginx/snippets/headers.conf +++ b/roles/common-web/files/etc/nginx/snippets/headers.conf @@ -1,4 +1,5 @@ # https://securityheaders.io/ +add_header Referrer-Policy no-referrer; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; -- cgit v1.2.3