Referer request header contains the address of the page making the request. When following a link, this would be the url of the page containing the link. When making AJAX requests to another domain, this would be your page's url. The
Referer header allows servers to identify where people are visiting them from and may use that data for analytics, logging, or optimized caching, for example.
Important: Although this header has many innocent uses it can have undesirable consequences for user security and privacy. See Referer header: privacy and security concerns for more information and mitigations.
Note that referer is actually a misspelling of the word "referrer". See HTTP referer on Wikipedia for more details.
Referer header is not sent by browsers if:
- The referring resource is a local "file" or "data" URI.
- An unsecured HTTP request is used and the referring page was received with a secure protocol (HTTPS).
|Header type||Request header|
|Forbidden header name||yes|
- An absolute or partial address of the previous web page from which a link to the currently requested page was followed. URL fragments (i.e. "#section") and userinfo (i.e. "username:password" in "https://username:firstname.lastname@example.org/foo/bar/") are not included.
|RFC 7231, section 5.5.2: Referer||Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content|
BCD tables only load in the browser
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.