diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp
index b8448ddb9..8968133bd 100644
--- a/wsd/FileServer.cpp
+++ b/wsd/FileServer.cpp
@@ -142,6 +142,8 @@ void FileServerRequestHandler::handleRequest(const HTTPRequest& request, Poco::M
 // Ask UAs to block if they detect any XSS attempt
 response.add("X-XSS-Protection", "1; mode=block");
+ // No referrer-policy
+ response.add("Referrer-Policy", "no-referrer");
 }
 const auto path = Poco::Path(LOOLWSD::FileServerRoot, getRequestPathname(request));
@@ -345,7 +347,8 @@ void FileServerRequestHandler::preprocessFile(const HTTPRequest& request, Poco::
 << "Content-Length: " << preprocess.size() << "\r\n"
 << "Content-Type: " << mimeType << "\r\n"
 << "X-Content-Type-Options: nosniff\r\n"
- << "X-XSS-Protection: 1; mode=block\r\n";
+ << "X-XSS-Protection: 1; mode=block\r\n"
+ << "Referrer-Policy: no-referrer\r\n";
 if (!wopiDomain.empty())
 {
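Review bot: The comment `// No referrer-policy` added in handleRequest reads as if no Referrer-Policy were being set, while the line below it sets the policy to `no-referrer`. Something like `// Never send a Referer header from this page, so its URL (and anything its query string may carry) is not disclosed to other origins` states the intent. The header is added inside a block whose opening condition lies outside the hunk, so it is worth confirming that every response serving a page goes through this branch rather than only some of them.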
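Review bot: In preprocessFile the security headers are spelled out a second time as raw strings in the hand-built response, so this commit had to add `Referrer-Policy: no-referrer` in two places and a later header change can easily reach only one of them. A single file-level list of name/value pairs that both handleRequest and preprocessFile iterate over would keep the two response paths in step. preprocessFile's body starts and ends outside the hunk, so the other headers it writes are not visible here.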