# ----------------------------------------------------------------------
# | Referrer Policy                                                    |
# ----------------------------------------------------------------------

# Set a strict Referrer Policy to mitigate information leakage.
#
# (1) The `Referrer-Policy` header is included in responses for resources
#     that are able to request (or navigate to) other resources.
#
#     This includes the commonly used resource types:
#     HTML, CSS, XML/SVG, PDF documents, scripts and workers.
#
# To prevent referrer leakage entirely, specify the `no-referrer` value
# instead. Note that the effect could impact analytics metrics negatively.
#
# To check your Referrer Policy, you can use an online service, such as:
# https://securityheaders.com/
# https://observatory.mozilla.org/
#
# https://www.w3.org/TR/referrer-policy/
# https://owasp.org/www-project-secure-headers/#referrer-policy
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
# https://scotthelme.co.uk/a-new-security-header-referrer-policy/

add_header Referrer-Policy $referrer_policy always;