这篇翻译不完整。请帮忙从英语翻译这篇文章

 

Referrer-Policy 首部用来监管哪些访问来源信息——会在 Referer  中发送——应该被包含在生成的请求当中。

Header type Response header
Forbidden header name no

语法

注意 Referer 实际上是单词 "referrer" 的错误拼写。Referrer-Policy 这个首部并没有延续这个错误拼写。

Referrer-Policy: no-referrer
Referrer-Policy: no-referrer-when-downgrade
Referrer-Policy: origin
Referrer-Policy: origin-when-cross-origin
Referrer-Policy: same-origin
Referrer-Policy: strict-origin
Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: unsafe-url

指令

no-referrer
整个 Referer  首部会被移除。访问来源信息不随着请求一起发送。
no-referrer-when-downgrade (默认值)
在没有指定任何策略的情况下用户代理的默认行为。在同等安全级别的情况下,引用页面的地址会被发送(HTTPS->HTTPS),但是在降级的情况下不会被发送 (HTTPS->HTTP)。
origin
在任何情况下,仅发送文件的源作为引用地址。例如  https://example.com/page.html 会将 https://example.com/ 作为引用地址。
origin-when-cross-origin
对于同源的请求,会发送完整的URL作为引用地址,但是对于非同源请求仅发送文件的源。
same-origin
对于同源的请求会发送引用地址,但是对于非同源请求则不发送引用地址信息。
strict-origin
在同等安全级别的情况下,发送文件的源作为引用地址(HTTPS->HTTPS),但是在降级的情况下不会发送 (HTTPS->HTTP)。
strict-origin-when-cross-origin
对于同源的请求,会发送完整的URL作为引用地址;在同等安全级别的情况下,发送文件的源作为引用地址(HTTPS->HTTPS);在降级的情况下不发送此首部 (HTTPS->HTTP)。
unsafe-url
无论是同源请求还是非同源请求,都发送完整的 URL(移除参数信息之后)作为引用地址。
这项设置会将受 TLS 安全协议保护的资源的源和路径信息泄露给非安全的源服务器。进行此项设置的时候要慎重考虑。

示例

Policy Document Navigation to Referrer
no-referrer https://example.com/page.html any domain or path no referrer
no-referrer-when-downgrade https://example.com/page.html https://example.com/otherpage.html https://example.com/page.html
no-referrer-when-downgrade https://example.com/page.html https://mozilla.org https://example.com/page.html
no-referrer-when-downgrade https://example.com/page.html http://example.org no referrer
origin https://example.com/page.html any domain or path https://example.com/
origin-when-cross-origin https://example.com/page.html https://example.com/otherpage.html https://example.com/page.html
origin-when-cross-origin https://example.com/page.html https://mozilla.org https://example.com/
origin-when-cross-origin https://example.com/page.html http://example.com/page.html https://example.com/
same-origin https://example.com/page.html https://example.com/otherpage.html https://example.com/page.html
same-origin https://example.com/page.html https://mozilla.org no referrer
strict-origin https://example.com/page.html https://mozilla.org https://example.com/
strict-origin https://example.com/page.html http://example.org no referrer
strict-origin http://example.com/page.html any domain or path http://example.com/
strict-origin-when-cross-origin https://example.com/page.html https://example.com/otherpage.html https://example.com/page.html
strict-origin-when-cross-origin https://example.com/page.html https://mozilla.org https://example.com/
strict-origin-when-cross-origin https://example.com/page.html http://example.org no referrer
unsafe-url https://example.com/page.html any domain or path https://example.com/page.html

规范

规范 状态
Referrer Policy 草稿

浏览器兼容性

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidiOS SafariSamsung Internet
Basic supportChrome Full support 56Edge No support NoFirefox Full support 50IE No support NoOpera No support NoSafari No support NoWebView Android Full support 56Chrome Android Full support 56Edge Mobile No support NoFirefox Android Full support 50Opera Android No support NoSafari iOS No support NoSamsung Internet Android Full support 6.0
same-originChrome Full support 61Edge No support NoFirefox Full support 52IE No support NoOpera Full support 48Safari No support NoWebView Android Full support 61Chrome Android Full support 61Edge Mobile No support NoFirefox Android Full support 52Opera Android Full support 48Safari iOS No support NoSamsung Internet Android No support No
strict-originChrome Full support 61Edge No support NoFirefox Full support 52IE No support NoOpera Full support 48Safari No support NoWebView Android Full support 61Chrome Android Full support 61Edge Mobile No support NoFirefox Android Full support 52Opera Android Full support 48Safari iOS No support NoSamsung Internet Android No support No
strict-origin-when-cross-originChrome Full support 61Edge No support NoFirefox Full support 52IE No support NoOpera Full support 48Safari No support NoWebView Android Full support 61Chrome Android Full support 61Edge Mobile No support NoFirefox Android Full support 52Opera Android Full support 48Safari iOS No support NoSamsung Internet Android No support No

Legend

Full support  
Full support
No support  
No support

注意: 从版本 53 起,Gecko 在 about:config 中提供了一项偏好设置,使得用户可以自行设定默认的 Referrer-Policy 值 —— network.http.referer.userControlPolicy 。可选的值包括:

  • 0 — no-referrer
  • 1 — same-origin
  • 2 — strict-origin-when-cross-origin
  • 3 — no-referrer-when-downgrade (the default)

相关内容

文档标签和贡献者

此页面的贡献者: WeihanLi, WayneCui
最后编辑者: WeihanLi,