From 63b76b4deee43d586ee741415d03f5962e5fafc8 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 13 Dec 2016 20:36:38 +0100
Subject: nginx: set Referrer-Policy HTTP header to "no-referrer".

---
 roles/common-web/files/etc/nginx/snippets/headers.conf | 1 +
 1 file changed, 1 insertion(+)

(limited to 'roles')

diff --git a/roles/common-web/files/etc/nginx/snippets/headers.conf b/roles/common-web/files/etc/nginx/snippets/headers.conf
index 60e5ace..798a151 100644
--- a/roles/common-web/files/etc/nginx/snippets/headers.conf
+++ b/roles/common-web/files/etc/nginx/snippets/headers.conf
@@ -1,4 +1,5 @@
 # https://securityheaders.io/
+add_header Referrer-Policy no-referrer;
 add_header X-Frame-Options "SAMEORIGIN";
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
-- 
cgit v1.2.3