-
Notifications
You must be signed in to change notification settings - Fork 29
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
govdirectory.org should set the Referrer-Policy header #111
Comments
Hi! Can I work on this? I see that it's a "good first issue" and I would like to use this opportunity to fix this issue. |
@Abbe98 Is this issue still relevant? Apparently (since October 2021) if there is no explicit header present, the default policy is applied. Which is |
No if that's the case we can close this! |
@Abbe98 |
Amazing! |
The feature
No external sites we link to should be allowed to see the origin of a user following the link. Therefore,
Referrer-Policy
should be set tono-referrer
.Why?
For privacy reasons.
Examples and inspiration
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Notes
Because we serve Govdirectory from the Github CDN we can't set custom headers so this tasked is blocked by #33.
The text was updated successfully, but these errors were encountered: