This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTMLIFrameElement.referrerPolicy property reflects the HTML referrerpolicy attribute of the <iframe> element defining which referrer is sent when fetching the resource.
Syntax
refStr = iframeElt.referrerPolicy; iframeElt.referrerPolicy = refStr;
Values
-
"no-referrer"meaning that theReferer:HTTP header will not be sent."origin"meaning that the referrer will be the origin of the page, that is roughly the scheme, the host and the port."unsafe-url"meaning that the referrer will include the origin and the path (but not the fragment, password, or username). This case is unsafe as it can leak path information that has been concealed to third-party by using TLS.
Examples
var iframe = document.createElement("iframe");
iframe.src = "/";
iframe.referrerPolicy = "unsafe-url";
var body = document.getElementsByTagName("body")[0];
body.appendChild(iframe); // Fetch the image using the complete URL as the referrer
Specifications
| Specification | Status | Comment |
|---|---|---|
| Referrer Policy The definition of 'referrerpolicy attribute' in that specification. |
Candidate Recommendation | Added the referrerPolicy attribute. |
| HTML Living Standard The definition of 'HTMLIFrameElement: referrerPolicy' in that specification. |
Living Standard |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
| Feature | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari |
|---|---|---|---|---|---|---|
| Basic support | 53 | ? | 50 | ? | 38 | ? |
| Feature | Android webview | Chrome for Android | Edge mobile | Firefox for Android | Opera Android | iOS Safari | Samsung Internet |
|---|---|---|---|---|---|---|---|
| Basic support | 51 | 51 | ? | 50 | 38 | ? | ? |