wp_admin_headers()

In this article

Sends a referrer policy header so referrers are not sent externally from administration screens.

Source

function wp_admin_headers() {
	$policy = 'strict-origin-when-cross-origin';

	/**
	 * Filters the admin referrer policy header value.
	 *
	 * @since 4.9.0
	 * @since 4.9.5 The default value was changed to 'strict-origin-when-cross-origin'.
	 *
	 * @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
	 *
	 * @param string $policy The admin referrer policy header value. Default 'strict-origin-when-cross-origin'.
	 */
	$policy = apply_filters( 'admin_referrer_policy', $policy );

	header( sprintf( 'Referrer-Policy: %s', $policy ) );
}

Hooks

apply_filters( ‘admin_referrer_policy’, string $policy )

Filters the admin referrer policy header value.

Changelog

VersionDescription
4.9.0Introduced.

User Contributed Notes

You must log in before being able to contribute a note or feedback.