From 96156ca622773966abfcc139284821163425fa6d Mon Sep 17 00:00:00 2001
From: Matthew Gamble <git@matthewgamble.net>
Date: Tue, 14 Feb 2017 18:17:35 +1100
Subject: [PATCH] Add no-referrer referrer policy to prevent leakage of
 sensitive info

This prevents Referer headers from being sent when requesting any
external assets, and when clicking on any offsite links. This includes
the github link in the footer. This helps to prevent the leakage of
sensitive details, such as private domain names.
---
 tsstats/templates/index.jinja2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tsstats/templates/index.jinja2 b/tsstats/templates/index.jinja2
index f0f812c..4469a44 100644
--- a/tsstats/templates/index.jinja2
+++ b/tsstats/templates/index.jinja2
@@ -4,6 +4,7 @@
   <meta charset="utf-8">
   <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css" integrity="sha384-BVYiiSIFeK1dGmJRAkycuHAHRg32OmUcww7on3RYdg4Va+PmSTsz/K68vbdEjh4u" crossorigin="anonymous">
   <link rel="stylesheet" href="https://cdn.jsdelivr.net/hint.css/2.4.1/hint.min.css" integrity="sha256-7KczUWqIa/6KaIKtNfG18eilVQR4vJ4S9SSiDAplUwc=" crossorigin="anonymous">
+  <meta name="referrer" content="no-referrer">
   <style type="text/css">
     body {
       padding-top: 50px;