EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #09388
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
[EP-tech] referrer policy and permission policy (headers)
- To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
- Subject: [EP-tech] referrer policy and permission policy (headers)
- From: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
- Date: Wed, 6 Sep 2023 20:26:56 +0000
CAUTION: This e-mail originated outside the University of Southampton.
Does anyone have a referrer policy header (see:
https://scotthelme.co.uk/a-new-security-header-referrer-policy/) and/or a permission policy header (https://www.w3.org/TR/permissions-policy-1/?ref=scotthelme.co.uk ) set on
their EPrints servers? What do you have as the settings for these? Since we have an HSTS / HTTPS-only site, I am considering adding the following as the referrer-policy: no-referrer-when-downgrade. I wonder if that would that would break anything, though? I have no idea about permission policy, I just know that it’s one of the headers that is required for a higher security score at
https://securityheaders.com/ Tomasz |
- Follow-Ups:
- RE: [EP-tech] referrer policy and permission policy (headers)
- From: Matthew Kerwin <matthew.kerwin@qut.edu.au>
- RE: [EP-tech] referrer policy and permission policy (headers)
- Prev by Date: AW: [EP-tech] ORCID Support Advance: encoding
- Next by Date: RE: [EP-tech] referrer policy and permission policy (headers)
- Previous by thread: [EP-tech] Question on export formats in HTML header
- Next by thread: RE: [EP-tech] referrer policy and permission policy (headers)
- Index(es):