The Referrer-Policy HTTP header governs which referrer information, sent in the Referer header, is included with requests. It is a security feature that offers control over the privacy of the referral data. This header helps with privacy by limiting the personal data communicated in HTTP Referer headers from one site to another.
Referrer-Policy: <policy>
<policy> is the directive value that specifies the referral policy to be used.
The Referrer-Policy header has several directives, including:
- no-referrer: No referrer information is sent
- no-referrer-when-downgrade: This is the default behavior if no policy is specified
- origin: Only send the origin of the document as the referrer
- origin-when-cross-origin: Full URL when on the same origin, but only send origin when cross-origin
- same-origin: A referrer will be sent for same-site origins, but cross-origin requests will contain no referrer information
- strict-origin: Only send the origin of the document as the referrer to same-protocol security contexts
- strict-origin-when-cross-origin: Full URL when on the same origin and same protocol, but only send origin of the document for other cases
- unsafe-url: Send the full URL (stripped of fragment) as referrer
To use the Referrer-Policy header, simply include it in your HTTP response headers with your preferred directive. Here's an example with the
How to modify Referrer-Policy header
ModHeader is a Chrome extension that allows you to modify and manipulate HTTP request headers and response headers. You can use it to modify the Referrer-Policy header, which is useful for testing your website under different referral policies.
Here is how you can do it:
- Install the ModHeader extension from the Chrome Web Store.
- Click on the ModHeader icon in the toolbar.
- In the Response Headers section, click name field and your desired policy directive in the
Now your browser will use your specified referrer policy when making requests, allowing you to test your website's referral functionality under varying conditions.