Add HTTP header to explicitly opt out of FLoC by default (#16036)

Fixes #16034
3 years ago · 71f335c2fc
parent bb68a9570e
commit 71f335c2fc
1 changed files with 1 additions and 0 deletions
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -116,6 +116,7 @@ Rails.application.configure do
    'X-Frame-Options'        => 'DENY',
    'X-Content-Type-Options' => 'nosniff',
    'X-XSS-Protection'       => '1; mode=block',
+    'Permissions-Policy'     => 'interest-cohort=()',
  }

  config.x.otp_secret = ENV.fetch('OTP_SECRET')