Merge pull request #725 from SISheogorath/fix/referrerPolicy

SISheogorath · web-flow · commit e79373883390 · 2018-02-12T22:23:19.000+01:00
Add referrer policy
diff --git a/app.js b/app.js
@@ -110,6 +110,13 @@ if (config.hsts.enable) {
   logger.info('https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security')
 }
 
+// Add referrer policy to improve privacy
+app.use(
+  helmet.referrerPolicy({
+    policy: 'same-origin'
+  })
+)
+
 // Generate a random nonce per request, for CSP with inline scripts
 app.use(csp.addNonceToLocals)
 
