Set default Referrer Policy to no-referrer-when-downgrade

Do not send a Referrer header when the connection is downgraded from
https to http.

Closes: #177

settings.py

@@ -87,6 +87,9 @@
 # Clickjacking protection
 X_FRAME_OPTIONS = 'DENY'
 
+# Referrer Policy
+SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'
+
 # X-Content-Type-Options, stops browsers from trying to MIME-sniff the content type
 SECURE_CONTENT_TYPE_NOSNIFF = True