The Referer request header contains the address of the page making the request. When following a link, this would be the url of the page containing the link. When making AJAX requests to another domain, this would be your page's url. The Referer header allows servers to identify where people are visiting them from and may use that data for analytics, logging, or optimized caching, for example.

Important: Although this header has many innocent uses it can have undesirable consequences for user security and privacy. See Referer header: privacy and security concerns for more information and mitigations.

Note that referer is actually a misspelling of the word "referrer". See HTTP referer on Wikipedia for more details.

A Referer header is not sent by browsers if:

  • The referring resource is a local "file" or "data" URI.
  • An unsecured HTTP request is used and the referring page was received with a secure protocol (HTTPS).
Header type Request header
Forbidden header name yes


Referer: <url>


An absolute or partial address of the previous web page from which a link to the currently requested page was followed. URL fragments (i.e. "#section") and userinfo (i.e. "username:password" in "") are not included.




Specification Title
RFC 7231, section 5.5.2: Referer Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

Browser compatibility

BCD tables only load in the browser

See also