What is the name of the domain?
What is the issue you’re encountering
Some setting is adding referrer-policy headre
What steps have you taken to resolve the issue?
Something within Cloudflare response pipeline is adding referrer-policy: strict-origin
header to the response from origin.
Origin definitely does not send that header and I wonder which settings in Cloudflare would cause that (eg waf? osap manage rules?)
I don’t have specific transform rules that adds the header. However if I add a rule to remove the header it does get removed, so whatever step is adding it, it run before transform header rules.
Any idea?
What are the steps to reproduce the issue?
I’m not sure what what setting is adding the transformation so not sure how to replicate.