This feature is obsolete. Although it may still work in some browsers, its use is discouraged since it could be removed at any time. Try to avoid using it.
referrer directive used to specify information in the
Referer header (with a single
r as this was a typo in the orignal spec) for links away from a page. This API is deprecated and removed from browsers.
Referrer-Policy header instead.
Content-Security-Policy: referrer <referrer-policy>;
<referrer-policy> can be one of the following values:
Refererheader will be omitted entirely. No referrer information is sent along with requests.
- This is the user agent's default behavior if no policy is specified. The origin is sent as referrer to a-priori as-much-secure destination (HTTPS->HTTPS), but isn't sent to a less secure destination (HTTPS->HTTP).
- Only send the origin of the document as the referrer in all cases.
https://example.com/page.htmlwill send the referrer
- "origin-when-cross-origin" / "origin-when-crossorigin"
- Send a full URL when performing a same-origin request, but only send the origin of the document for other cases.
- Send a full URL (stripped from parameters) when performing a a same-origin or cross-origin request. This policy will leak origins and paths from TLS-protected resources to insecure origins. Carefully consider the impact of this setting.
Content-Security-Policy: referrer "none";
Not part of any specification.
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
|Basic Support||(Yes) — 56.0||37.01||(No)||(No)||(No)||(No)|
|Feature||Android||Chrome for Android||Edge mobile||Firefox for Android||IE mobile||Opera Android||iOS Safari|
|Basic Support||(Yes) — 56.0||(Yes) — 56.0||(No)||37.01||(No)||(No)||(No)|
1. Will be removed, see Bugzilla bug 1302449.