Tags
PHP , Security , header
Asked 2 years ago
27 Apr 2022
Views 9890
steave

steave posted

PHP : How to set Referrer Policy security header ?

How to set 'Referrer Policy' security header in PHP?

i want to set 'Referrer Policy' header with the following value: 


Referrer-Policy   'no-referrer';

yogi

yogi
answered Apr 27 '22 00:00

use header() method of the PHP to send the Referrer-Policy header attribute
Referrer-Policy: no-referrer
php code for Referrer Policy security header: 

header("Referrer-Policy: \"no-referrer\";");
it send header to the browser with Referrer-Policy properties
"no-referrer" Policy, which means no referrer information is to be sent along with requests made from a particular request client to any origin.



Referrer-Policy: no-referrer-when-downgrade
php code: 

header("Referrer-Policy: \"no-referrer-when-downgrade\";");
"no-referrer-when-downgrade" Policy, which means the protocol security level stays the same or improves (HTTP?HTTP, HTTP?HTTPS, HTTPS?HTTPS). Don't send the Referer header for requests to less secure destinations (HTTPS?HTTP, HTTPS?file).



Referrer-Policy: origin
php code: 

header("Referrer-Policy: \"origin\";");
"origin" Policy, which means Send only the origin in the Referer.



Referrer-Policy: origin-when-cross-origin
php code: 
header("Referrer-Policy: \"origin-when-cross-origin\";");
"origin-when-cross-origin" Policy, which means When performing a same-origin request to the same protocol level (HTTP?HTTP, HTTPS?HTTPS), send the origin, path, and query string . Send only the origin for cross origin requests and requests to less secure destinations (HTTPS?HTTP).




Referrer-Policy: same-origin
php code: 

header("Referrer-Policy: \"same-origin\";");
"same-origin" Policy, which means send the origin, path, and query string for same-origin requests. Don't send the Referer header for cross-origin requests.




Referrer-Policy: strict-origin
php code: 

header("Referrer-Policy: \"strict-origin\";");
"strict-origin" Policy, which means Send only the origin when the protocol security level stays the same (HTTPS?HTTPS). Don't send the Referer header to less secure destinations (HTTPS?HTTP).






Referrer-Policy: strict-origin-when-cross-origin
php code: 

header("Referrer-Policy: \"strict-origin-when-cross-origin\";");
"strict-origin-when-cross-origin" Policy, which means Send the origin, path, and querystring when performing a same-origin request. For cross-origin requests send the origin (only) when the protocol security level stays same (HTTPS?HTTPS). Don't send the Referer header to less secure destinations (HTTPS?HTTP).




Referrer-Policy: unsafe-url
php code: 

header("Referrer-Policy: \"unsafe-url\";");
"unsafe-url" Policy, which means Send the origin, path, and query string when performing any request, regardless of security.




Edit Answer
Post Answer
OMG!   You need to Login / Register to Post Answer
[code] Bold LE LP LD LW LDR WAR INF DAN SUC FYI h2 h3 italic