Set Referrer-Policy header for web

piratepx · Dec 16, 2020 · f8df45e · f8df45e
1 parent 6174cf4
commit f8df45e
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/api/routes/web.js b/api/routes/web.js
@@ -20,6 +20,7 @@ module.exports = async (fastify) => {
       reply.setHeader('X-Content-Type-Options', 'nosniff')
       reply.setHeader('X-Frame-Options', 'DENY')
       reply.setHeader('X-XSS-Protection', '1; mode=block')
+      reply.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin')
     },
   })