Referrer Policy Options

no-referrer

No referrer info sent

Referrer-Policy: no-referrer

no-referrer-when-downgrade

Default browser behavior

Referrer-Policy: no-referrer-when-downgrade

origin

Send only origin (no path)

Referrer-Policy: origin

strict-origin

Origin only on HTTPS→HTTPS

Referrer-Policy: strict-origin

strict-origin-when-cross-origin

Recommended balance

Referrer-Policy: strict-origin-when-cross-origin
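
The five policies above, worked through as an added example (not code from the original page): a simplified JavaScript model of which Referer value is sent for a given source page and destination URL. The function names and sample URLs are constructed for illustration, and "downgrade" is approximated as an HTTPS page requesting a non-HTTPS destination.

```javascript
// Added example: simplified model of the Referer value sent under each policy.
// Function names and URLs are constructed for illustration.
const POLICIES = ["no-referrer", "no-referrer-when-downgrade", "origin",
  "strict-origin", "strict-origin-when-cross-origin"];

function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);

  // The full referrer never includes the fragment or embedded credentials.
  const stripped = new URL(from.href);
  stripped.hash = "";
  stripped.username = "";
  stripped.password = "";
  const full = stripped.href;
  const originOnly = from.origin + "/";

  const sameOrigin = from.origin === to.origin;
  // Assumption: "downgrade" is approximated as HTTPS page -> non-HTTPS target.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";

  switch (policy) {
    case "no-referrer":
      return null; // header omitted entirely
    case "no-referrer-when-downgrade":
      return downgrade ? null : full;
    case "origin":
      return originOnly; // sent even on downgrade
    case "strict-origin":
      return downgrade ? null : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default:
      throw new Error("policy not covered by this example: " + policy);
  }
}

// Referer per policy for one navigation; null means no header is sent.
function referrerTable(fromUrl, toUrl) {
  return Object.fromEntries(
    POLICIES.map((p) => [p, computeReferrer(p, fromUrl, toUrl)])
  );
}

// Constructed sample: a page whose URL carries a secret in the query string.
console.log(referrerTable("https://shop.example/reset?token=abc123#step2",
                          "https://cdn.example/lib.js"));
```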

Implementation Considerations

  • Analytics Impact: Some analytics tools need referrer data
  • Cross-Origin Resources: A more permissive policy may be needed for CDNs
  • Migration Strategy: Start with strict-origin-when-cross-origin

Advanced Techniques

Meta Tag Fallback

<meta name="referrer" content="strict-origin-when-cross-origin">

Per-Resource Policy

<a href="..." referrerpolicy="no-referrer">Link</a>