diff options
| author | Aleksander Machniak <alec@alec.pl> | 2018-10-21 12:39:39 +0300 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2018-10-21 12:39:39 +0300 |
| commit | 186f21c4c132b1151827d48d23c5bdddabc99118 (patch) | |
| tree | 96ab58299f22d683006bd5366026b61b1c6957f6 /.htaccess | |
| parent | cf7e4f12b2779ef384e99024debdc64814aac3b2 (diff) | |
Avoid Referer leaking by using Referrer-Policy:same-origin header (#6385)
Added 'common_headers' hook
Diffstat (limited to '.htaccess')
| -rw-r--r-- | .htaccess | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -64,5 +64,6 @@ Header set X-Robots-Tag "noindex, nofollow" # CSP - Content Security Policy # for better privacy/security ask browsers to not set the Referer # more flags for script, stylesheets and images available, read RFC for more information +# Note: "Referrer-Policy: same-origin" is already set by php code. #Header set Content-Security-Policy "referrer no-referrer" </IfModule> |