When a user navigates the site and click links to other sites, the destination site usually receives information about the origin site the user came from. The referrer header lets you control what information should be present in the header, which can be read by the destination site. We can add the referrer policy middleware in the Configure method of the Startup class as follows:

app.UseReferrerPolicy(opts => opts.NoReferrer());

The NoReferrer option means that no referrer information will be sent to the target site.

After enabling all of the preceding middleware in our ASP.NET Core application, when we scan through the securityheaders.io site, we will see that we have a security report summary with an A+, which means that the site is completely secured: