From f8df45ef1697fa44baa0d0a5abe2f97f1254ebce Mon Sep 17 00:00:00 2001
From: Justin Stayton
Date: Wed, 16 Dec 2020 07:09:47 -0500
Subject: [PATCH] Set Referrer-Policy header for web
---
 api/routes/web.js | 1 +
 1 file changed, 1 insertion(+)
diff --git a/api/routes/web.js b/api/routes/web.js
index 4f3a8e8..f120ed6 100644
--- a/api/routes/web.js
+++ b/api/routes/web.js
@@ -20,6 +20,7 @@ module.exports = async (fastify) => {
 reply.setHeader('X-Content-Type-Options', 'nosniff')
 reply.setHeader('X-Frame-Options', 'DENY')
 reply.setHeader('X-XSS-Protection', '1; mode=block')
+ reply.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin')
 },
 })
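Review bot: The added `Referrer-Policy` line carries no comment on why `strict-origin-when-cross-origin` was chosen, and that value still sends the site's origin to cross-origin HTTPS destinations and the full URL (path and query) on same-origin requests. It matches the default of current browsers, so the header mainly pins the behaviour for older ones. I would record that intent above the line, e.g. `// Referrer: full URL same-origin, origin only cross-origin, nothing on HTTPS->HTTP downgrade`. If any page served through this handler puts tokens or other secrets in its URL, those responses would need a stricter value such as `no-referrer` or `same-origin`. The callback that sets these headers starts and ends outside the hunk, so which routes it covers cannot be confirmed from here.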