How to configure HTTP header: Referrer-Policy?
Question

Hi,

Is there any place (for instance Lifetime) where I can configure Referrer-Policy HTTP header for all OS applications?

More info here about the HTTP header:

I have looked at the OS documentation, "Apply Content Security Policy", but it doesn't seem to be able to configure this header.

Best regards,

João


Hi João,


You can change your web.config file to send HTTP security headers using the Factory Configuration Forge component.

You can see here an example. 


Kind Regards,
João

Hi,

Facing the same issue. I need to configure the 'referrer-policy' and the 'permissions-policy'.

I found this part online regarding adding the permissions-policy to the header:

Permissions-Policy: geolocation=(self "https://example.com"), microphone=()

Can someone explain step-by-step where to add this?

Thanks! 

Regards,

Jorick


Edit: 

For permissions-policy and referrer-policy, add this as a new configuration and assign it to the eSpaces.


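<?xml version="1.0" encoding="UTF-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

    <xsl:output method="xml" indent="yes" encoding="UTF-8"/>

    <!-- Identity template: copy everything in web.config unchanged -->
    <xsl:template match="@*|node()">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
        </xsl:copy>
    </xsl:template>

    <!-- Append the two headers to the existing customHeaders element -->
    <xsl:template match="/configuration/system.webServer/httpProtocol/customHeaders">
        <xsl:copy>
            <xsl:apply-templates select="@*|node()"/>
            <add name="Referrer-Policy" value="no-referrer" />
            <!-- Permissions-Policy takes feature directives, not a referrer token;
                 this is the example value quoted above, adjust it to your application -->
            <add name="Permissions-Policy" value="geolocation=(self &quot;https://example.com&quot;), microphone=()" />
        </xsl:copy>
    </xsl:template>

</xsl:stylesheet>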
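Added example (not part of the original post and not OutSystems code): a Python check that reads a transformed web.config and reports when Referrer-Policy or Permissions-Policy is missing, duplicated, or carries a value the browser will not accept, such as a Permissions-Policy value that is not a feature directive. The sample web.config is constructed, and the directive pattern is a simplified syntax check, not a full structured-field parser.

```python
import re
import xml.etree.ElementTree as ET

# Policy tokens defined by the W3C Referrer Policy specification.
REFERRER_TOKENS = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# Simplified directive shape: feature=*, feature=self or feature=(allowlist).
DIRECTIVE = re.compile(r'^[a-z][a-z0-9-]*=(\*|self|\(\s*((self|\*|"[^"]*")\s*)*\))$')

# Constructed sample: Permissions-Policy carries a Referrer-Policy token by mistake.
SAMPLE = """<configuration><system.webServer><httpProtocol><customHeaders>
  <add name="Referrer-Policy" value="no-referrer" />
  <add name="Permissions-Policy" value="no-referrer" />
</customHeaders></httpProtocol></system.webServer></configuration>"""

def split_directives(value):
    """Split on commas that are outside double-quoted origins."""
    return [d.strip() for d in re.findall(r'(?:[^,"]|"[^"]*")+', value)]

def audit_web_config(xml_text):
    """Return a list of findings for the two headers; an empty list means OK."""
    root = ET.fromstring(xml_text)
    headers = {}
    for add in root.findall("system.webServer/httpProtocol/customHeaders/add"):
        headers.setdefault(add.get("name", "").lower(), []).append(add.get("value", ""))
    findings = []
    for name in ("referrer-policy", "permissions-policy"):
        values = headers.get(name, [])
        if not values:
            findings.append(f"{name}: missing")
        elif len(values) > 1:
            findings.append(f"{name}: defined {len(values)} times")
    for value in headers.get("referrer-policy", []):
        tokens = [t.strip().lower() for t in value.split(",")]
        if not all(t in REFERRER_TOKENS for t in tokens):
            findings.append(f"referrer-policy: unknown token in {value!r}")
    for value in headers.get("permissions-policy", []):
        bad = [d for d in split_directives(value) if not DIRECTIVE.match(d)]
        if bad:
            findings.append(f"permissions-policy: malformed directive {bad[0]!r}")
    return findings

if __name__ == "__main__":
    print(audit_web_config(SAMPLE))
```

Running it against the web.config produced after the configuration is applied also catches the case where the transform is assigned twice and a header ends up defined more than once.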
