Referer HTTP request header contains an absolute or partial address of the page making the request. When following a link, this would be the address of the page containing the link. When making resource requests to another domain, this would be the address of the page using the resource. The
Referer header allows servers to identify where people are visiting them from, which can then be used for analytics, logging, optimized caching, and more.
Referer header may not contain URL fragments (i.e. "#section") or "username:password" information. It can potentially contain an origin, path, and querystring. What is sent, if anything, depends on the referrer policy for the request. See
Referrer-Policy for information and examples.
The header name "referer" is actually a misspelling of the word "referrer". See HTTP referer on Wikipedia for more details.
Although this header has many innocent uses it can have undesirable consequences for user security and privacy. See Referer header: privacy and security concerns for more information and mitigations.
|Header type||Request header|
|Forbidden header name||yes|
- An absolute or partial address of the web page making the request. URL fragments (i.e. "#section") and userinfo (i.e. "username:password" in "https://username:email@example.com/foo/bar/") are not included. Origin, path, and querystring may be included, depending on the referrer policy.
|RFC 7231, section 5.5.2: Referer||Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content|
BCD tables only load in the browser