From 94cf154691b2e9a19ca7e818a302707463163f5f Mon Sep 17 00:00:00 2001
From: Mathias Kresin
Date: Sat, 16 May 2015 09:35:50 +0200
Subject: [PATCH] remove referrer by default The referrer CSP is supported by chrome and firefox 38+. Suppressing the referrer increases the users privacy and the image proxy isn't any longer required to cloak the referrer on websites which are using hotlinking protection based on referrers.
---
 controllers/common.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/controllers/common.php b/controllers/common.php
index 07c3104..35a18aa 100644
--- controllers/common.php
+++ controllers/common.php
@@ -50,6 +50,7 @@ Router\before(function($action) {
 'media-src' => '*',
 'img-src' => '*',
 'frame-src' => Model\Config\get_iframe_whitelist(),
+ 'referrer' => 'no-referrer',
 ));
 Response\xframe();
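Review bot: The added `'referrer' => 'no-referrer'` entry only takes effect in browsers that implement the CSP `referrer` directive; any other client ignores the unknown directive and keeps sending the Referer header, so the privacy gain and the claim that the image proxy is no longer required hold only for part of the user base. The directive was later dropped from the CSP specification in favour of the `Referrer-Policy` response header, so I would send that as well right after the CSP call, e.g. `header('Referrer-Policy: no-referrer');`, and keep the image proxy available as a fallback. Whether `Response\csp()` passes a directive name it does not know about through to the header unchanged is not visible in this hunk and is worth confirming against the emitted response. The `Router\before` closure starts before and continues past the hunk.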