HTMLScriptElement.referrerPolicy

The referrerPolicy property of the HTMLScriptElement interface reflects the HTML referrerpolicy of the <script> element and fetches made by that script, defining which referrer is sent when fetching the resource.

Syntax

refStr = scriptElem.referrerPolicy;
scriptElem.referrerPolicy = refStr;

Value

A DOMString; one of the following:

no-referrer
The Referer header will be omitted entirely. No referrer information is sent along with requests.
no-referrer-when-downgrade (default)
This is the user agent's default behavior if no policy is specified. The URL is sent as a referrer when the protocol security level stays the same (e.g.HTTP→HTTP, HTTPS→HTTPS), but isn't sent to a less secure destination (e.g. HTTPS→HTTP).
origin
Only send the origin of the document as the referrer in all cases.
The document https://example.com/page.html will send the referrer https://example.com/.
origin-when-cross-origin
Send a full URL when performing a same-origin request, but only send the origin of the document for other cases.
same-origin
A referrer will be sent for same-site origins, but cross-origin requests will contain no referrer information.
strict-origin
Only send the origin of the document as the referrer when the protocol security level stays the same (e.g. HTTPS→HTTPS), but don't send it to a less secure destination (e.g. HTTPS→HTTP).
strict-origin-when-cross-origin
Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (e.g. HTTPS→HTTPS), and send no header to a less secure destination (e.g. HTTPS→HTTP).
unsafe-url
Send a full URL when performing a same-origin or cross-origin request. This policy will leak origins and paths from TLS-protected resources to insecure origins. Carefully consider the impact of this setting.

Note: An empty string value ("") is both the default value, and a fallback value if referrerpolicy is not supported. If referrerpolicy is not explicitly specified on the <script> element, it will adopt a higher-level referrer policy, i.e. one set on the whole document or domain. If a higher-level policy is not available, the empty string is treated as being equivalent to no-referrer-when-downgrade.

Examples

var scriptElem = document.createElement("script");
scriptElem.src = "/";
scriptElem.referrerPolicy = "unsafe-url";
document.body.appendChild(script);

Specifications

Specification Status Comment
Referrer Policy
The definition of 'referrerpolicy attribute' in that specification.
Candidate Recommendation Added the referrerPolicy attribute.
HTML Living Standard
The definition of 'HTMLScriptElement: referrerPolicy' in that specification.
Living Standard  

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
referrerPolicyChrome Full support 70Edge ? Firefox Full support 65IE No support NoOpera Full support YesSafari No support NoWebView Android Full support 70Chrome Android Full support 70Firefox Android Full support 65Opera Android Full support YesSafari iOS No support NoSamsung Internet Android ?

Legend

Full support  
Full support
No support  
No support
Compatibility unknown  
Compatibility unknown

See also