From cf8927deec11db7aadc5274b7e7ac6ac96ddea28 Mon Sep 17 00:00:00 2001 From: Patrik Kernstock Date: Fri, 12 Oct 2018 16:26:28 +0200 Subject: [PATCH] Add hint for Referrer-Policy Signed-off-by: Patrik Kernstock Related to nextcloud/server#11798 --- admin_manual/configuration_server/harden_server.rst | 2 ++ 1 file changed, 2 insertions(+) diff --git a/admin_manual/configuration_server/harden_server.rst b/admin_manual/configuration_server/harden_server.rst index 01bca7375..121610b8c 100644 --- a/admin_manual/configuration_server/harden_server.rst +++ b/admin_manual/configuration_server/harden_server.rst @@ -186,6 +186,8 @@ These include: - Instructs search machines to not index these pages. - ``X-Frame-Options: SAMEORIGIN`` - Prevents embedding of the Nextcloud instance within an iframe from other domains to prevent Clickjacking and other similar attacks. +- ``Referrer-Policy: no-referrer`` + - The default `no-referrer` policy instructs the browser not to send referrer information along with requests to any origin. These headers are hard-coded into the Nextcloud server, and need no intervention by the server administrator.
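Review bot: In the added description line, `no-referrer` is wrapped in single backticks, which reStructuredText treats as interpreted text (the default role) rather than an inline literal. The neighbouring entries use double backticks, as in ``X-Frame-Options: SAMEORIGIN``, so this should be ``no-referrer`` to render as code like the rest of the list. The word "default" in the same line is also ambiguous: the paragraph right after the list says these headers are hard-coded into the Nextcloud server, so a reader cannot tell whether "default" means the value Nextcloud sends or a browser default. Suggest either dropping the word ("The ``no-referrer`` policy instructs the browser not to send referrer information along with requests to any origin.") or saying explicitly that it is the value Nextcloud sets.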