We're looking for a user researcher to understand the needs of developers and designers. Is this you or someone you know? Check out the post: https://mzl.la/2IGzdXS

I volontari di MDN non hanno ancora tradotto questo articolo in Italiano. Unisciti a noi e traducilo tu stesso.
Puoi anche consultare l’articolo in English (US).

Obsolete
This feature is obsolete. Although it may still work in some browsers, its use is discouraged since it could be removed at any time. Try to avoid using it.

The HTTP Content-Security-Policy (CSP) referrer directive used to specify information in the Referer header (with a single r as this was a typo in the original spec) for links away from a page. This API is deprecated and removed from browsers.

Use the Referrer-Policy header instead.

Syntax

Content-Security-Policy: referrer <referrer-policy>;

where <referrer-policy> can be one of the following values:

"no-referrer"
The Referer header will be omitted entirely. No referrer information is sent along with requests.
"none-when-downgrade"
This is the user agent's default behavior if no policy is specified. The origin is sent as referrer to a-priori as-much-secure destination (HTTPS->HTTPS), but isn't sent to a less secure destination (HTTPS->HTTP).
"origin"
Only send the origin of the document as the referrer in all cases.
The document https://example.com/page.html will send the referrer https://example.com/.
"origin-when-cross-origin" / "origin-when-crossorigin"
Send a full URL when performing a same-origin request, but only send the origin of the document for other cases.
"unsafe-url"
Send a full URL (stripped from parameters) when performing a a same-origin or cross-origin request. This policy will leak origins and paths from TLS-protected resources to insecure origins. Carefully consider the impact of this setting.

Examples

Content-Security-Policy: referrer "none";

Specifications

Not part of any specification.

Browser compatibility

FeatureChromeEdgeFirefoxInternet ExplorerOperaSafari
Basic support33 — 56 No371 No Yes — 43 No
FeatureAndroid webviewChrome for AndroidEdge mobileFirefox for AndroidOpera AndroidiOS SafariSamsung Internet
Basic support33 — 5633 — 56 No371 Yes — 43 No Yes

1. Will be removed, see Bugzilla bug 1302449.

See also

Tag del documento e collaboratori

Hanno collaborato alla realizzazione di questa pagina: infuerno, fscholz, teoli
Ultima modifica di: infuerno,