Commit a0ea4418 authored by Jelle van der Waa

Set default Referrer Policy to no-referrer-when-downgrade

Do not send a Referrer header when the connection is downgraded from
https to http.

Closes: #177
parent acc69166
......@@ -87,6 +87,9 @@
# Clickjacking protection
X_FRAME_OPTIONS = 'DENY'
# Referrer Policy
SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'
# X-Content-Type-Options, stops browsers from trying to MIME-sniff the content type
SECURE_CONTENT_TYPE_NOSNIFF = True
......
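Review bot: On the `SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'` line, this value only suppresses the header on an https to http downgrade, so the full URL (path and query string) is still sent to any third-party site reached over https. If the goal is to avoid leaking internal paths or query parameters to external sites, consider `'strict-origin-when-cross-origin'` or `'same-origin'` instead. The `# Referrer Policy` comment could also state what is sent and when, in the way the X-Content-Type-Options comment below it explains its setting. Django applies this setting through `django.middleware.security.SecurityMiddleware`, so it is worth confirming that middleware is enabled for the header to be emitted at all.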