From 86c037cc8e63c1a7e0204c7d1bdbc0a2422f929b Mon Sep 17 00:00:00 2001
From: Justin Hall
Date: Sun, 24 Apr 2022 16:17:08 -0600
Subject: [PATCH] fix: set Referrer-Policy header to strict-origin-when-cross-origin
---
 netlify.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/netlify.toml b/netlify.toml
index 542ef00b..dd4168b3 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -10,7 +10,7 @@
 X-XSS-Protection = "1; mode=block"
 Content-Security-Policy = "default-src 'self'; connect-src 'self' https://api.pwnedpasswords.com; img-src data: https:; script-src 'self' 'unsafe-inline'; style-src 'self'; worker-src 'self'; object-src 'none'"
 Permissions-Policy = "geolocation=(), camera=(), microphone=(), payment=(), usb=()"
- Referrer-Policy = "no-referrer-when-downgrade"
+ Referrer-Policy = "strict-origin-when-cross-origin"
 Expect-CT = "enforce, max-age=3600"

 [[headers]]
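Review bot: The new `Referrer-Policy` value on the changed line still sends the site's origin in `Referer` on every cross-origin HTTPS request, which would include the `connect-src` calls to api.pwnedpasswords.com. It is also the default in current browsers, so the line mainly pins behaviour for older ones. If nothing depends on cross-origin referrers (not visible from this hunk), `Referrer-Policy = "no-referrer"` or `Referrer-Policy = "same-origin"` would be the tighter choice. Either way, a short comment above the line such as `# origin only on cross-origin requests, nothing on HTTPS->HTTP downgrade` would record the intent. The headers table this line belongs to starts above the hunk, so the paths it applies to are not shown.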