EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #09388



[EP-tech] referrer policy and permission policy (headers)



Does anyone have a referrer policy header (see: https://scotthelme.co.uk/a-new-security-header-referrer-policy/) and/or a permission policy header (https://www.w3.org/TR/permissions-policy-1/?ref=scotthelme.co.uk) set on their EPrints servers?

What do you have as the settings for these?

Since we have an HSTS / HTTPS-only site, I am considering adding the following as the referrer-policy: no-referrer-when-downgrade. I wonder if that would break anything, though?

I have no idea about permission policy, I just know that it’s one of the headers that is required for a higher security score at https://securityheaders.com/

Tomasz