2018-11-23 17:14:15 +01:00
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
# | Referrer Policy |
|
|
|
|
|
# ----------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
# A web application uses HTTPS and a URL-based session identifier.
|
2019-05-15 18:38:05 +02:00
|
|
|
# The web application might wish to link to HTTPS resources on other web
|
|
|
|
|
# sites without leaking the user's session identifier in the URL.
|
2018-11-23 17:14:15 +01:00
|
|
|
#
|
2019-05-15 18:38:05 +02:00
|
|
|
# This can be done by setting a `Referrer Policy` which whitelists trusted
|
|
|
|
|
# sources of content for your website.
|
2018-11-23 17:14:15 +01:00
|
|
|
#
|
2019-05-15 18:38:05 +02:00
|
|
|
# To check your referrer policy, you can use an online service such as:
|
|
|
|
|
# https://securityheaders.io/.
|
2018-11-23 17:14:15 +01:00
|
|
|
#
|
|
|
|
|
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/
|
|
|
|
|
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
|
|
|
|
|
|
2019-02-13 14:31:53 +01:00
|
|
|
add_header Referrer-Policy $referrer_policy always;
|
