| author | Nick Pope <nick.pope@flightdataservices.com> | 2019-03-21 21:33:41 +0000 |
|---|---|---|
| committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-09-09 13:35:41 +0200 |
| commit | 406dba04e1482a308cad74e3d06c050c76ba2d16 (patch) | |
| tree | d5ec1f049f18481b620d993938d21de83d547673 /docs/topics/security.txt | |
| parent | 1edbb6c19405a629200ba3683968f3dba2744e7e (diff) | |
Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
Diffstat (limited to 'docs/topics/security.txt')
| -rw-r--r-- | docs/topics/security.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 862b2de258..8d749cc478 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -204,6 +204,15 @@ Additionally, Django requires you to explicitly enable support for the ``X-Forwarded-Host`` header (via the :setting:`USE_X_FORWARDED_HOST` setting) if your configuration requires it. +Referrer policy +=============== + +Browsers use the ``Referer`` header as a way to send information to a site +about how users got there. By setting a *Referrer Policy* you can help to +protect the privacy of your users, restricting under which circumstances the +``Referer`` header is set. See :ref:`the referrer policy section of the +security middleware reference <referrer-policy>` for details. + Session security ================ |
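Review bot: In the new "Referrer policy" section, the closing sentence sends readers to the security middleware reference without naming the setting that controls the header, whereas the paragraph just above it names its setting inline with :setting:`USE_X_FORWARDED_HOST`. Consider adding the corresponding :setting: reference here so the topic page is actionable on its own. The phrase "restricting under which circumstances the ``Referer`` header is set" also reads awkwardly; "restricting the circumstances under which the ``Referer`` header is sent" is clearer. Since the paragraph mixes the header spelling ``Referer`` with the policy spelling "Referrer", a short remark that the difference is intentional would save readers from treating one of them as a typo.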
