Add Referrer-Policy

app/src/main/kotlin/filters/SecurityFilter.kt

@@ -5,16 +5,16 @@ import org.http4k.core.HttpHandler
 import org.http4k.core.Request
 
 object SecurityFilter {
-    operator fun invoke(): Filter {
+    operator fun invoke() = Filter { next: HttpHandler ->
-        return Filter { next: HttpHandler ->
         { request: Request ->
             val response = next(request)
                 .header("X-Content-Type-Options", "nosniff")
 
-                if (response.header("Content-Type")?.contains("text/html") == true)
+            if (response.header("Content-Type")?.contains("text/html") == true) {
-                    response.header("Content-Security-Policy", "default-src 'self'")
+                response
-                else response
+                    .header("Content-Security-Policy", "default-src 'self'")
-            }
+                    .header("Referrer-Policy", "no-referrer")
+            } else response
         }
     }
 }