Enforce referrer-policy in WebUI

This stops leaking private data to other websites via Referrer header.

src/webui/webapplication.cpp

@@ -570,9 +570,11 @@ Http::Response WebApplication::processRequest(const Http::Request &request, cons
     if (m_isHttpsEnabled) {
         csp += QLatin1String(" upgrade-insecure-requests;");
     }
-
     header(Http::HEADER_CONTENT_SECURITY_POLICY, csp);
 
+    if (!m_isAltUIUsed)
+        header(Http::HEADER_REFERRER_POLICY, "same-origin");
+
     return response();
 }