How to set Referrer Policy with nginx

Question

My CMS(https) and image server(http) is separate. I have setup my image server so that it only can serve to whitelisted referrer pages. Now my issue is how do I allow the CMS server to send response header to the image server so the CMS can display the images? I have found giving this html meta tag in the html will display the images.

<meta name="referrer" content="origin">

but is it possible to　do this without editing each html page and do this server side? I am on Nginx v1.10.2

score 37 · Answer 1 · answered Apr 17 '17 at 08:55

37

Simply adding below solved my issue.

add_header 'Referrer-Policy' 'origin';

answered Apr 17 '17 at 08:55

Maca

1,659
3
18
42

score 6 · Answer 2 · answered Jul 31 '20 at 11:28

6

You actually dont need quotes on Refferer-Policy if you add the line into default.conf.

add_header Referrer-Policy 'origin'

Here you can also see other values https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

answered Jul 31 '20 at 11:28

Jergus Frajt

61
1
1

1

you do however need to end with a semicolon: `add_header Referrer-Policy 'strict-origin';` – BoDeX Mar 14 '21 at 09:08
That would of landed the correct wave of upvotes. I trust this over all. Thanks! – WLFree Dec 29 '22 at 21:53

score 0 · Answer 3 · answered Jan 09 '23 at 08:17

0

    location / {
        add_header 'Referrer-Policy' 'unsafe-url';
    }

answered Jan 09 '23 at 08:17

Zhou

69
2

2

Could you name the (dis-)advantageous of your solutions compared to the existing answers, please? Any additional explanation could be valuable, I guess. – matheburg Jan 09 '23 at 11:12

How to set Referrer Policy with nginx

3 Answers3

Linked