Configuring Referrer-Policy¶
See Referrer Policy - MDN for a detailed description on various referrer policies.
This header can be configured as such:
Configuration | Resulting header |
---|---|
Disabled | None |
NoReferrer | Referrer-Policy: no-referrer |
NoReferrerWhenDowngrade | Referrer-Policy: no-referrer-when-downgrade |
SameOrigin | Referrer-Policy: same-origin |
Origin | Referrer-Policy: origin |
StrictOrigin | Referrer-Policy: strict-origin |
OriginWhenCrossOrigin | Referrer-Policy: origin-when-cross-origin |
StrictOriginWhenCrossOrigin | Referrer-Policy: strict-origin-when-cross-origin |
UnsafeUrl | Referrer-Policy: unsafe-url |
Register the middleware in the startup class:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
...
app.UseReferrerPolicy(opts => opts.NoReferrer());
app.UseStaticFiles();
app.UseMvc(...);
}
As an MVC attribute, defaults to policy=”Deny”:
[ReferrerPolicy(ReferrerPolicy.NoReferrer)]
Set referrer policy in a <meta> tag:
<meta name="referrer" nws-referrerpolicy="NoReferrer"/>