From b9a180b154fe3ba6e02fc3d7ac313d91d441014b Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Mon, 20 Jan 2020 18:26:22 +0100
Subject: Disable DNS prefetching

---
 server.go | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'server.go')

diff --git a/server.go b/server.go
index 526db9f..267f6ad 100644
--- a/server.go
+++ b/server.go
@@ -305,6 +305,8 @@ func New(e *echo.Echo, options *Options) (*Server, error) {
 			// `style-src 'unsafe-inline'` is required for e-mails with
 			// embedded stylesheets
 			ectx.Response().Header().Set("Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'")
+			// DNS prefetching has privacy implications
+			ectx.Response().Header().Set("X-DNS-Prefetch-Control", "off")
 			return next(ectx)
 		}
 	})
-- 
cgit v1.2.3