# ---------------------------------------------------------------------- # | Referrer Policy | # ---------------------------------------------------------------------- # A web application uses HTTPS and a URL-based session identifier. # The web application might wish to link to HTTPS resources on other # web sites without leaking the user's session identifier in the URL. # # This can be done by setting a `Referrer Policy` which # whitelists trusted sources of content for your website. # # To check your referrer policy, you can use an online service # such as: https://securityheaders.io/. # # https://scotthelme.co.uk/a-new-security-header-referrer-policy/ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy add_header Referrer-Policy "no-referrer-when-downgrade" always;