From 13ca7ac4d44fff525bd037e648e81dafebb976cd Mon Sep 17 00:00:00 2001
From: Marcus Da Coregio <marcusdacoregio@gmail.com>
Date: Thu, 20 Jul 2023 15:36:27 -0300
Subject: [PATCH] Referrer-Policy is added by default in Reactive applications

Closes gh-13561
---
 docs/modules/ROOT/pages/reactive/exploits/headers.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/modules/ROOT/pages/reactive/exploits/headers.adoc b/docs/modules/ROOT/pages/reactive/exploits/headers.adoc
index 3b6c0161002..ae907daf8db 100644
--- a/docs/modules/ROOT/pages/reactive/exploits/headers.adoc
+++ b/docs/modules/ROOT/pages/reactive/exploits/headers.adoc
@@ -410,8 +410,8 @@ fun webFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain {
 [[webflux-headers-referrer]]
 == Referrer Policy
 
-Spring Security does not add xref:features/exploits/headers.adoc#headers-referrer[Referrer Policy] headers by default.
-You can enable the Referrer Policy header using configuration as shown below:
+Spring Security adds the xref:features/exploits/headers.adoc#headers-referrer[Referrer Policy] header by default with the directive `no-referrer`.
+You can change the Referrer Policy header using configuration as shown below:
 
 .Referrer Policy Configuration
 [tabs]