Use this for questions related to the Referrer-Policy HTTP header and the meta name="referrer" element, for strict-origin-when-cross-origin errors, and for cases where the Referer HTTP header is missing from a request. The Referrer-Policy header and name="referrer" HTML meta element control whether the Referer request header is sent in a request at all — and if it is sent, what the Referer value will be set to.
Questions tagged [referrer-policy]
71 questions
198
votes
5 answers
In what cases will HTTP_REFERER be empty
I know it's possible to get an empty HTTP_REFERER. Under what circumstances does this happen? If I get an empty one, does it always mean that the user changed it? Is getting an empty one the same as getting a null one? and under what circumstances…
sameold
- 18,400
- 21
- 63
- 87
71
votes
10 answers
Remove http referer
Is it a way to remove or hide http referer information in request header?
i want to remove http referrer information of users who goes to other site from my site using a script possibly in javascript python or django
example:
Host …
shiva
- 2,674
- 4
- 23
- 37
22
votes
1 answer
New CORS policy for Instagram public API?
I am using these endpoints with JavaScript Ajax to get Instagram user information and…
I. Sen
- 250
- 1
- 2
- 11
21
votes
6 answers
error int the Failed to set referrer policy
I'm getting the following error in my chrome console for a Wordpress site I'm working on.
Failed to set referrer policy: The
value 'http://example.com/comic/' is not one of 'always', 'default',
'never', 'no-referrer',…
Holly
- 7,462
- 23
- 86
- 140
13
votes
3 answers
How to set Referrer Policy with nginx
My CMS(https) and image server(http) is separate. I have setup my image server so that it only can serve to whitelisted referrer pages. Now my issue is how do I allow the CMS server to send response header to the image server so the CMS can display…
Maca
- 1,659
- 3
- 18
- 42
10
votes
4 answers
In what cases HTTP referer will be truncated
I'm trying to understand the behavior of HTTP referer header. I noticed that sometimes the referer is full (full URL, including path and query string) but mostly it includes the domain only.
For example 'https://www.google.com/' instead of…
danieln
- 4,795
- 10
- 42
- 64
7
votes
3 answers
Strip out referers from script src
I'm doing a remote script-src
I don't want to send my http referer headers to thirdparty.com. How do I do it?
Alagu
- 2,864
- 3
- 26
- 40
6
votes
1 answer
aws s3 bucket getting Referrer Policy: strict-origin-when-cross-origin
so we are using an S3 bucket and when try and get a resource I get in Chrome:
Referrer Policy: strict-origin-when-cross-origin
I have already applied to S3 bucket:
[
{
"AllowedHeaders": [
"*"
],
…
born2net
- 24,129
- 22
- 65
- 104
5
votes
0 answers
How to set the Referrer-Policy HTTP header with the Angular HTTP Client?
How can we set the Referrer-Policy HTTP header when using Angular's HTTP Client?
I've tried setting it below but it does not work:
let headers = new HttpHeaders();
headers = headers.set('Referrer-Policy', 'no-referrer');
this.httpClient.get(url, {…
Brendan
- 834
- 1
- 9
- 20
5
votes
3 answers
Why isn't the the Referer header removed for Google HTTPS -> HTTP?
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.”
https://www.rfc-editor.org/rfc/rfc2616#section-15.1.3
According to the standard, https://google.com…
sissonb
- 3,730
- 4
- 27
- 54
4
votes
1 answer
What does the Angular "strict-origin-when-cross-origin" Error mean?
From my app I want to reach an api. The curl request is:
curl --request POST https://... --header 'Authorization: Token ...' --header 'Accept: application/csv' --header 'Content-type: application/vnd.flux' --data '...'
It works and…
John F.
- 67
- 1
- 1
- 6
4
votes
1 answer
Referrer policy hide the referrer of self-signed certificates
I can't seem to get the referrer on a 3rd party XHR request to a development server with a self-signed certificate.
After complying to chrome's use of SAN instead of CN and registering my self-signed localhost certificate, I got the green dot for…
Eran Betzalel
- 4,105
- 3
- 38
- 66
3
votes
1 answer
CORS ERROR strict-origin-when-cross-origin Cloudflare + Apache + Proxy + NodeJs
I have an apache proxy that stay behind cloudflare
This is the scenario
World -> Cloudflare Https -> Apache -> PHP
World -> Cloudflare Https -> Apache/Proxy -> NodeJS
In my apache i put this configuration
…
Sano
- 469
- 2
- 6
- 21
3
votes
1 answer
Request Error: 'Referrer Policy: strict-origin-when-cross-origin' in Angular when build in --prod mode
I deployed my Angular application to https domain. And the API domain is http.
When I build my Angular app using --prod I got an error in requests that Referrer Policy: strict-origin-when-cross-origin, However when I build without --prod the…
Ahmed Ibrahim
- 256
- 1
- 2
- 12
3
votes
1 answer
how to change referrer-policy in react js
I want to change referral policy in chrome the default policy for new update in chrome is strict-origin-when-cross-origin I need to change it to no-referrer-when-downgrade
I am using reactjs how can I change the policy
THank you
Kamalesh A
- 31
- 1
- 2