Add Referrer-Policy and X-Content-Type-Options headers

02e7c7e8 · Alexandre Iooss · Juliusz Chroboczek · df55c1e7 · 02e7c7e8
Commit 02e7c7e8 authored Dec 30, 2022 by Alexandre Iooss Committed by Juliusz Chroboczek Apr 01, 2023
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 0 deletions

webserver/webserver.go webserver/webserver.go +6 -0

No files found.
--- a/webserver/webserver.go
+++ b/webserver/webserver.go
@@ -103,6 +103,12 @@ func cspHeader(w http.ResponseWriter, connect string) {
 	}
 	w.Header().Add("Content-Security-Policy",
 		c+" img-src data: 'self'; media-src blob: 'self'; default-src 'self'")
+
+	// Make browser stop sending referrer information
+	w.Header().Add("Referrer-Policy", "no-referrer")
+
+	// Require correct MIME type to load CSS and JS
+	w.Header().Add("X-Content-Type-Options", "nosniff")
 }

 func notFound(w http.ResponseWriter) {