From 918343865ef245ba8f32c4ae44587629878ea4b2 Mon Sep 17 00:00:00 2001
From: apoc4lyps <10954235+apoc4lyps@users.noreply.github.com>
Date: Mon, 28 May 2018 12:28:23 +0200
Subject: [PATCH 1/2] hardening http headers
---
 data/conf/nginx/site.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index e339fdf9..5519d769 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -35,7 +35,9 @@ server {
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Robots-Tag none;
 add_header X-Download-Options noopen;
+ add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies none;
+ add_header Referrer-Policy no-referrer-when-downgrade;
 index index.php index.html;
From cf56be1843b8f285f665da2d9e85d7fd28f816d2 Mon Sep 17 00:00:00 2001
From: apoc4lyps <10954235+apoc4lyps@users.noreply.github.com>
Date: Mon, 6 Aug 2018 09:24:34 +0200
Subject: [PATCH 2/2] set Referrer-Policy to strict-origin
---
 data/conf/nginx/site.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/conf/nginx/site.conf b/data/conf/nginx/site.conf
index 5519d769..7aa5bfc0 100644
--- a/data/conf/nginx/site.conf
+++ b/data/conf/nginx/site.conf
@@ -37,7 +37,7 @@ server {
 add_header X-Download-Options noopen;
 add_header X-Frame-Options "SAMEORIGIN" always;
 add_header X-Permitted-Cross-Domain-Policies none;
- add_header Referrer-Policy no-referrer-when-downgrade;
+ add_header Referrer-Policy strict-origin;
 index index.php index.html;
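Review bot: The new X-Frame-Options line carries `always` but the new Referrer-Policy line (and the existing X-XSS-Protection, X-Robots-Tag, X-Download-Options and X-Permitted-Cross-Domain-Policies lines) do not, so nginx emits those headers only on 2xx/3xx responses and omits them on 4xx/5xx pages, where framing or referrer leakage is just as possible; the same gap remains in the second patch, which rewrites the Referrer-Policy value but still leaves `always` off. I would make the new line `add_header Referrer-Policy no-referrer-when-downgrade always;` and consider the same suffix for the sibling headers. Separately, nginx only inherits `add_header` from the `server` level into a `location` when that location declares no `add_header` of its own, so if any location block in this file sets a header, none of these server-level headers reach it; the rest of the server block is outside the hunk, so I cannot confirm whether that applies here, but a comment such as `# add_header is not inherited by locations that define their own add_header` above this group would warn the next editor.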
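Review bot: The switch to `strict-origin` is undocumented in the config, and it is stricter than the usual `strict-origin-when-cross-origin` default in a way that matters for the application behind this server: `strict-origin` sends only the scheme and host, with no path or query, even for same-origin requests, so any server-side logic that reads the Referer path (same-origin checks, "back to" links) stops seeing it; I cannot tell from the hunk whether this site relies on that. If origin-only on same-origin requests is the intent, state it with a comment above the line, e.g. `# Referrer-Policy strict-origin: send origin only (no path/query), and nothing on HTTPS->HTTP downgrade`; if full same-origin referrers are still needed, `strict-origin-when-cross-origin` keeps the downgrade protection while preserving them. Either way the line should get the `always` flag its X-Frame-Options neighbour already has, so the policy is also sent on error responses.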