From cd96e311af724158c02d2b2089e5a34619308f4f Mon Sep 17 00:00:00 2001
From: "A. Schulze"
Date: Wed, 27 Mar 2024 22:16:02 +0100
Subject: [PATCH] Referrer-Policy updated
---
 CHANGELOG.md | 4 ++++
 scmdhttpd.go | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index d1a8285..cee93ca 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## main
+
+- Referrer-policy changed to 'no-referrer' as suggested by internet.nl
+
 ## 2.3.0
 - RFC 9116 support
diff --git a/scmdhttpd.go b/scmdhttpd.go
index 69d813c..1c5f535 100644
--- a/scmdhttpd.go
+++ b/scmdhttpd.go
@@ -201,7 +201,7 @@ func main() {
 w.Header().Add("Content-Security-Policy", "default-src 'none';img-src 'self';style-src 'self';form-action 'none';base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;")
 w.Header().Add("X-Xss-Protection", "0")
 w.Header().Add("X-Frame-Options", "DENY")
- w.Header().Add("Referrer-Policy", "strict-origin-when-cross-origin")
+ w.Header().Add("Referrer-Policy", "no-referrer")
 w.Header().Add("X-Content-Type-Options", "nosniff")
 w.Header().Add("Expect-Ct", "max-age=6048000,enforce")
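Review bot: The changed line still uses `w.Header().Add`, which appends a value rather than replacing one, so if anything earlier in the handler has already written a Referrer-Policy the response would carry two values and the effective policy would depend on how the browser resolves the list. `w.Header().Set("Referrer-Policy", "no-referrer")` states the intent of exactly one policy, and the same applies to the neighbouring security headers in this block. A one-line comment such as `// no-referrer: never send a Referer header (internet.nl recommendation)` would keep the rationale, which currently lives only in CHANGELOG.md, next to the code. main() starts and continues outside this hunk, so whether an earlier write exists cannot be confirmed from here.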