# ----------------------------------------------------------------------
# | Referrer Policy |
# ----------------------------------------------------------------------
# Set a strict Referrer Policy to mitigate information leakage.
#
# (1) The `Referrer-Policy` header is included in responses for resources
# that are able to request (or navigate to) other resources.
#
# This includes the commonly used resource types:
# HTML, CSS, XML/SVG, PDF documents, scripts and workers.
#
# To prevent referrer leakage entirely, specify the `no-referrer` value
# instead. Note that doing so could negatively affect analytics metrics.
#
# To check your Referrer Policy, you can use an online service, such as:
# https://securityheaders.com/
# https://observatory.mozilla.org/
#
# https://www.w3.org/TR/referrer-policy/
# https://owasp.org/www-project-secure-headers/#referrer-policy
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
# NOTE(review): `$referrer_policy` is not defined in this file section; it is
# presumably set by a `map` elsewhere in the configuration. Confirm that it
# resolves to a non-empty value for every response type listed in (1), since
# nginx does not emit a header whose value is an empty string.
#
# `always` adds the header to responses of every status code, including error
# responses, not only the success and redirect codes covered by default.
#
# nginx inherits `add_header` directives from the enclosing level only when
# the current level defines none of its own: a `server` or `location` block
# that contains any `add_header` must repeat this directive (or include this
# file), otherwise its responses are sent without `Referrer-Policy`.
add_header Referrer-Policy $referrer_policy always;