diff options
author | Morten Tokle <mortent@yahooinc.com> | 2022-08-01 15:39:04 +0200 |
---|---|---|
committer | Morten Tokle <mortent@yahooinc.com> | 2022-08-01 15:39:04 +0200 |
commit | 616fcecc7af865b5155894081077900429951665 (patch) | |
tree | f3bdcd159e9f494000f7e85293139bd595941634 | |
parent | 9b1854255abdcf54d504f73e5272122d461b7bc8 (diff) |
Add Referrer-Policy header
-rw-r--r-- | jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java index 24cd9245b61..520e22de136 100644 --- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java +++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java @@ -19,5 +19,6 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter { response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); response.setHeader("X-Content-Type-Options", "nosniff"); response.setHeader("X-Frame-Options", "DENY"); + response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin"); } } |