From 091308787b1b97cfc133dd56a96e170213196ea7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= <f@miniflux.net>
Date: Sun, 14 Feb 2021 11:16:06 -0800
Subject: [PATCH] Add header "Referrer-Policy: no-referrer"

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
---
 http/response/builder.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/http/response/builder.go b/http/response/builder.go
index 43e64c88..8335d0ad 100644
--- a/http/response/builder.go
+++ b/http/response/builder.go
@@ -97,6 +97,7 @@ func (b *Builder) writeHeaders() {
 	b.headers["X-Content-Type-Options"] = "nosniff"
 	b.headers["X-Frame-Options"] = "DENY"
 	b.headers["Content-Security-Policy"] = "default-src 'self'; img-src * data:; media-src *; frame-src *"
+	b.headers["Referrer-Policy"] = "no-referrer"
 
 	for key, value := range b.headers {
 		b.w.Header().Set(key, value)