Another blog by @Scott_Helme here on a new http header we need to be setting so our users info is not leaked to third parties when using a link to another site from our own.
It’s pretty simple, and we are using WordPress on nginx for this example.
First we go to our config file.
sudo nano /etc/nginx/sites-available/default
Then below our existing headers we simply add
add_header Referrer-Policy "strict-origin-when-cross-origin";
then restart nginx and we’re done.
sudo systemctl restart nginx
There are several different options and if you are unsure you should check out the previously mentioned article for a thorough explanation.