Fixed #29406 -- Added support for Referrer-Policy header.

Thanks to James Bennett for the initial implementation.
2025-10-23 21:59:11 +00:00 · 2019-03-21 21:33:41 +00:00
parent 1edbb6c194
commit 406dba04e1
10 changed files with 256 additions and 5 deletions
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -204,6 +204,15 @@ Additionally, Django requires you to explicitly enable support for the
 ``X-Forwarded-Host`` header (via the :setting:`USE_X_FORWARDED_HOST` setting)
 if your configuration requires it.

+Referrer policy
+===============
+
+Browsers use the ``Referer`` header as a way to send information to a site
+about how users got there. By setting a *Referrer Policy* you can help to
+protect the privacy of your users, restricting under which circumstances the
+``Referer`` header is set. See :ref:`the referrer policy section of the
+security middleware reference <referrer-policy>` for details.
+
 Session security
 ================