We're looking for a person or people to help audit MDN to find places we could speed up. Is this you or someone you know? Check out the RFP: https://mzl.la/2IHcMiE


This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTMLIFrameElement.referrerPolicy property reflects the HTML referrerpolicy attribute of the <iframe> element defining which referrer is sent when fetching the resource.


refStr = iframeElt.referrerPolicy;
iframeElt.referrerPolicy = refStr;


  • "no-referrer" meaning that the Referer: HTTP header will not be sent.
  • "origin" meaning that the referrer will be the origin of the page, that is roughly the scheme, the host and the port.
  • "unsafe-url" meaning that the referrer will include the origin and the path (but not the fragment, password, or username). This case is unsafe as it can leak path information that has been concealed to third-party by using TLS.


var iframe = document.createElement("iframe");
iframe.src = "/";
iframe.referrerPolicy = "unsafe-url";
var body = document.getElementsByTagName("body")[0];
body.appendChild(iframe); // Fetch the image using the complete URL as the referrer


Specification Status Comment
Referrer Policy
The definition of 'referrerpolicy attribute' in that specification.
Candidate Recommendation Added the referrerPolicy attribute.

Browser compatibility

We're converting our compatibility data into a machine-readable JSON format. This compatibility table still uses the old format, because we haven't yet converted the data it contains. Find out how you can help!

Feature Chrome Edge Firefox (Gecko) Internet Explorer Opera Safari (WebKit)
Basic support 51 ? 50.0 (50.0) ? 38 ?
Feature Android Android Webview Firefox Mobile (Gecko) IE Phone Opera Mobile Safari Mobile
Basic support 51 51 50.0 (50.0) ? ? ?

See also

Document Tags and Contributors

 Contributors to this page: jpmedley, Rob W, fscholz, teoli, ziyunfei
 Last updated by: jpmedley,