From bfe55bcca1344210ba5f3b8dd3eccce06d3a7a81 Mon Sep 17 00:00:00 2001
From: barbara oliveira
Date: Thu, 17 Oct 2024 12:02:46 +0200
Subject: [PATCH] Add Referrer-Policy to strict

---
 config/application.rb | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/application.rb b/config/application.rb
index 2ea5e51ef6..3b85f3b20b 100644
--- a/config/application.rb
+++ b/config/application.rb
@@ -30,7 +30,10 @@ class Application < Rails::Application
 config.action_dispatch.default_headers = {
 "X-Frame-Options" => "SAMEORIGIN",
 "X-XSS-Protection" => "1; mode=block",
- "X-Content-Type-Options" => "nosniff"
+ "X-Content-Type-Options" => "nosniff",
+ "X-Download-Options" => "noopen",
+ "X-Permitted-Cross-Domain-Policies" => "none",
+ "Referrer-Policy" => "strict-origin-when-cross-origin"
 }
 
 # Settings in config/environments/* take precedence over those specified here.
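Review bot: Assigning a literal hash to `config.action_dispatch.default_headers` replaces the framework's default headers instead of extending them, so this list has to be kept complete by hand, which is presumably why the three headers added here were missing in the first place. If `config.load_defaults` runs before this assignment (not visible here; the `Application` class body starts and ends outside the hunk), `config.action_dispatch.default_headers.merge!(...)` with only the app-specific entries would keep picking up framework defaults; otherwise a comment above the assignment such as `# Replaces Rails' default headers entirely; every header the app needs must be listed here.` would record the constraint. The unchanged `"X-XSS-Protection" => "1; mode=block"` entry turns on the legacy browser XSS filter, which current OWASP guidance and newer Rails defaults disable with `"0"`, so it is worth revisiting while this hash is being edited. The subject line says "strict", but the value set is `strict-origin-when-cross-origin`, which still sends the origin on cross-origin requests; confirm that this, rather than a tighter policy such as `no-referrer`, is what was intended.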