How can I add Referrer-Policy header in apache with htaccess?

How can I add Referrer-Policy header with .htaccess?

Before add Referrer-Policy header with htaccess,
First, you must activate rewrite module.



First, you must activate rewrite module.
Ctrl+v this code in terminal.
sudo a2enmod rewrite

If you finished the rewrite activating, You can use htaccess in apache.

Let's add Referrer-Policy header in apache with htaccess!
Header always set Referrer-Policy "same-origin"
 Write in htaccess.

The additional option is
no-referrer
no-referrer-when-downgrade (default)
origin
origin-when-cross-origin
same-origin
strict-origin
strict-origin-when-cross-origin
unsafe-url
------------------------------------------------------------
no-referrer
The Referer header will be omitted entirely. No referrer information is sent along with requests.
no-referrer-when-downgrade (default)
This is the default behavior if no policy is specified, or if the provided value is invalid. The origin, path, and querystring of the URL are sent as a referrer when the protocol security level stays the same (HTTP→HTTP, HTTPS→HTTPS) or improves (HTTP→HTTPS), but isn't sent to less secure destinations (HTTPS→HTTP).
There is effort from browsers in moving to a stricter default value, namely strict-origin-when-cross-origin (see https://github.com/whatwg/fetch/pull/952), consider using this value (or a stricter one), if possible, when changing the Referrer-Policy.
origin
Only send the origin of the document as the referrer.
For example, a document at https://example.com/page.html will send the referrer https://example.com/.
origin-when-cross-origin
Send the origin, path, and query string when performing a same-origin request, but only send the origin of the document for other cases.
same-origin
A referrer will be sent for same-site origins, but cross-origin requests will send no referrer information.
strict-origin
Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).
strict-origin-when-cross-origin
Send the origin, path, and querystring when performing a same-origin request, only send the origin when the protocol security level stays the same while performing a cross-origin request (HTTPS→HTTPS), and send no header to any less-secure destinations (HTTPS→HTTP).
unsafe-url
Send the origin, path, and query string when performing any request, regardless of security.

This explaination is mozilla's explaination
------------------------------------------------------------

Thanks for watching and write the commet to rewrite request or question

Post a Comment

0 Comments

recent post