Sends a referrer policy header so referrers are not sent externally from administration screens.
Source
function wp_admin_headers() {
$policy = 'strict-origin-when-cross-origin';
/**
* Filters the admin referrer policy header value.
*
* @since 4.9.0
* @since 4.9.5 The default value was changed to 'strict-origin-when-cross-origin'.
*
* @link https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
*
* @param string $policy The admin referrer policy header value. Default 'strict-origin-when-cross-origin'.
*/
$policy = apply_filters( 'admin_referrer_policy', $policy );
header( sprintf( 'Referrer-Policy: %s', $policy ) );
}
Hooks
- apply_filters( ‘admin_referrer_policy’,
string $policy ) Filters the admin referrer policy header value.
Changelog
Version | Description |
---|---|
4.9.0 | Introduced. |
User Contributed Notes
You must log in before being able to contribute a note or feedback.