Set default Referrer Policy to no-referrer-when-downgrade

jelly · jelly · commit a0ea44189ad4 · 2020-04-09T20:48:55.000+02:00
Do not send a Referrer header when the connection is downgraded from https to http. Closes: #177
diff --git a/settings.py b/settings.py
@@ -87,6 +87,9 @@
 # Clickjacking protection
 X_FRAME_OPTIONS = 'DENY'
 
+# Referrer Policy
+SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'
+
 # X-Content-Type-Options, stops browsers from trying to MIME-sniff the content type
 SECURE_CONTENT_TYPE_NOSNIFF = True
 
