The Referrer Policy is a security mechanism that allows websites to control the information shared with target sites when a user moves from one page to another. This policy is crucial for protecting personal and sensitive user data, while also helping web administrators maintain control over how their sites are linked to others.
What is a Referrer and Why is it Important?
A referrer is an HTTP header that informs the target server about the URL of the page from which the user was redirected. This information can be used for analytical purposes but can also contain sensitive data that should not be shared with third parties.
Options for Setting Referrer Policy
The Referrer Policy offers several directives that determine what information will be provided in the form of a referrer:
- no-referrer: No referrer information will be provided.
- no-referrer-when-downgrade: The referrer will only be sent if there is no change in protocol from HTTPS to HTTP.
- origin: Only the original domain will be provided as a referrer.
- origin-when-cross-origin: Full URL will be provided when accessing the same origin, only the original domain when transitioning to another origin.
- same-origin: The referrer will only be provided when accessing the same origin.
- strict-origin: Similar to origin, but ensures that the referrer will not be provided when downgrading from HTTPS to HTTP.
- strict-origin-when-cross-origin: Combines origin-when-cross-origin and strict-origin.
- unsafe-url: Provides the full URL as a referrer regardless of the security of the transmission.
Implementation of Referrer Policy
To set the Referrer Policy, a webmaster can use several methods:
- HTML meta tag: By adding the meta tag <meta name="referrer" content="no-referrer"> to the <head> of the HTML document.
- HTTP headers: By setting the Referrer-Policy header in server responses, for example, Referrer-Policy: origin-when-cross-origin.
- Rel attribute in links: For specific links, the policy can be set using the rel="noreferrer" attribute.
Recommendations for Choosing the Right Referrer Policy
The choice of the right Referrer Policy depends on the specific needs of the website and the sensitivity of the information the site processes. Generally, it is advisable to prefer safer settings, such as strict-origin-when-cross-origin, to ensure that sensitive information is not carelessly shared.
The Referrer Policy is an important tool for improving the security of websites and protecting user data. By choosing and implementing this policy correctly, webmasters can significantly contribute to ensuring user privacy and strengthening trust in their website.