Can't modify same-origin referrer-policy

Our Gatsby site uwalumni.com is set up to use the gatsby-plugin-netlify plugin to specify that we want all pages to use the referrer-policy “strict-origin-when-cross-origin”. The config looks like this:

{
resolve: gatsby-plugin-netlify,
options: {
headers: {
“/*”: [
“Referrer-Policy: strict-origin-when-cross-origin”,
]
},
allPageHeaders: ,
mergeSecurityHeaders: true, // boolean to turn off the default security headers
mergeCachingHeaders: true, // boolean to turn off the default caching headers
transformHeaders: (headers, path) => headers, // optional transform for manipulating headers under each path (e.g.sorting), etc.
generateMatchPathRewrites: true, // boolean to turn off automatic creation of redirect rules for client only paths
}
},

However, this does not seem to be working, and for some reason Netlify is building our site such that it has the Referrer-Policy “same-origin” - resulting in the “Referer” value not being sent to external websites we link to.

Can someone help me figure out how to get our site configured to use “strict-origin-when-cross-origin”?

Hi, @jamesrotering. Would you please try adding these headers using the documentation found here:

If that doesn’t work, please let us know what steps were taken and what the results where.

Thanks for the response, I must have missed the notification and lost track of this for a while.

This site is currently still running on gatsby 5.11 so that method won’t work. I attempted the upgrade at some point in the past and had to revert it for reasons I don’t currently remember. I’m going to look into that and attempt the upgrade again to see if that resolves the issue.

We do have another site that is configured like the instructions above, but I’m having a hard time finding a link to test on it because all of our links seem to have explicit rel=noreferrer attributes for some reason. I’m going to try testing on that site as well when I can find a moment.