Merge pull request #23560 from vespa-engine/mortent/referrer-policy-header

Add Referrer-Policy header
author: Morten Tokle <mortent@yahooinc.com> 2022-08-01 15:51:43 +0200
committer: GitHub <noreply@github.com> 2022-08-01 15:51:43 +0200
commit: 9719904260e487af585b0f55facaf48839ac9ee9 (patch)
tree: ad49cbcb499a83c022a0a7057ed368f2d30657ab
parent: 5f151f3cf476928988ea41adbda6d77f02587342 (diff)
parent: 616fcecc7af865b5155894081077900429951665 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
index 24cd9245b61..520e22de136 100644
--- a/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
+++ b/jdisc-security-filters/src/main/java/com/yahoo/jdisc/http/filter/security/misc/SecurityHeadersResponseFilter.java
@@ -19,5 +19,6 @@ public class SecurityHeadersResponseFilter implements SecurityResponseFilter {
         response.setHeader("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
         response.setHeader("X-Content-Type-Options", "nosniff");
         response.setHeader("X-Frame-Options", "DENY");
+        response.setHeader("Referrer-Policy", "strict-origin-when-cross-origin");
     }
 }
author	Morten Tokle <mortent@yahooinc.com>	2022-08-01 15:51:43 +0200
committer	GitHub <noreply@github.com>	2022-08-01 15:51:43 +0200
commit	9719904260e487af585b0f55facaf48839ac9ee9 (patch)
tree	ad49cbcb499a83c022a0a7057ed368f2d30657ab
parent	5f151f3cf476928988ea41adbda6d77f02587342 (diff)
parent	616fcecc7af865b5155894081077900429951665 (diff)