New HTTP Header “Referrer Policy”

Another blog post by @Scott_Helme here covers a new HTTP header we need to set so that our users' information is not leaked to third parties when they follow a link from our site to another one.

It’s pretty simple, and we are using WordPress on nginx for this example.

First we go to our config file.

sudo nano /etc/nginx/sites-available/default

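Then, below our existing headers, we simply add the line below. Keep it in the same block as the existing headers: nginx inherits add_header directives from an outer block only when the current block defines none of its own.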

add_header Referrer-Policy "strict-origin-when-cross-origin";

Then restart nginx and we’re done.

sudo systemctl restart nginx

There are several different options, and if you are unsure which one to use you should check out the previously mentioned article for a thorough explanation.