diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php index 75b3388bf4..12e4086bbc 100644 --- a/src/wp-includes/rest-api/class-wp-rest-server.php +++ b/src/wp-includes/rest-api/class-wp-rest-server.php @@ -226,6 +226,7 @@ class WP_REST_Server { public function serve_request( $path = null ) { $content_type = isset( $_GET['_jsonp'] ) ? 'application/javascript' : 'application/json'; $this->send_header( 'Content-Type', $content_type . '; charset=' . get_option( 'blog_charset' ) ); + $this->send_header( 'X-Robots-Tag', 'noindex' ); /* * Mitigate possible JSONP Flash attacks. diff --git a/tests/phpunit/tests/rest-api/rest-server.php b/tests/phpunit/tests/rest-api/rest-server.php index 21fc61c7b9..8a53360157 100644 --- a/tests/phpunit/tests/rest-api/rest-server.php +++ b/tests/phpunit/tests/rest-api/rest-server.php @@ -717,6 +717,15 @@ class Tests_REST_Server extends WP_Test_REST_TestCase { $this->assertContains( 'test/another', $namespaces ); } + public function test_x_robot_tag_header_on_requests() { + $request = new WP_REST_Request( 'GET', '/', array() ); + + $result = $this->server->serve_request('/'); + $headers = $this->server->sent_headers; + + $this->assertEquals( 'noindex', $headers['X-Robots-Tag'] ); + } + public function test_nocache_headers_on_authenticated_requests() { $editor = self::factory()->user->create( array( 'role' => 'editor' ) ); $request = new WP_REST_Request( 'GET', '/', array() );