From 8bcebe560cdad8baf30adb411fec9f9d736d72f4 Mon Sep 17 00:00:00 2001
From: Maria Martinez <maria.martinez@gov.bc.ca>
Date: Fri, 12 Jan 2024 16:10:35 -0800
Subject: [PATCH] FSADT1-1087

---
 backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java b/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
index 08732a9d91..4aa8ab8e75 100644
--- a/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
+++ b/backend/src/main/java/ca/bc/gov/app/filter/CorsWebFilter.java
@@ -70,6 +70,9 @@ public Mono<Void> filter(ServerWebExchange ctx, WebFilterChain chain) {
     headers.add("Strict-Transport-Security", 
                 "max-age=300; includeSubDomains");
     
+    headers.add("Referrer-Policy", 
+                "no-referrer");
+    
     headers.remove("Server");
     
     headers.remove("X-Powered-By");