workers-site: enable referrer in secure contexts

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-12-19 11:42:36 +05:30 · 2020-12-19 11:42:36 +05:30 · 5a5ab88bf0
parent 7352c7b648
commit 5a5ab88bf0
1 changed files with 1 additions and 1 deletions
--- a/workers-site/src/handler.ts
+++ b/workers-site/src/handler.ts
@ -19,7 +19,7 @@ async function getPageFromKV(event: FetchEvent): Promise<Response> {
    response.headers.set('X-XSS-Protection', '1; mode=block')
    response.headers.set('X-Content-Type-Options', 'nosniff')
    response.headers.set('X-Frame-Options', 'DENY')
-    response.headers.set('Referrer-Policy', 'unsafe-url')
+    response.headers.set('Referrer-Policy', 'no-referrer-when-downgrade')
    response.headers.set('Feature-Policy', 'none')
    response.headers.set('Content-Security-Policy', CSP_POLICY)
    response.headers.set('Feature-Policy', FEATURE_POLICY)