Obsolete
This feature is obsolete. Although it may still work in some browsers, its use is discouraged since it could be removed at any time. Try to avoid using it.
The HTTP Content-Security-Policy
(CSP) referrer
directive used to specify information in the Referer
header (with a single r
as this was a typo in the orignal spec) for links away from a page. This API is deprecated and removed from browsers.
Use the Referrer-Policy
header instead.
Content-Security-Policy: referrer <referrer-policy>;
where <referrer-policy>
can be one of the following values:
Referer
header will be omitted entirely. No referrer information is sent along with requests.https://example.com/page.html
will send the referrer https://example.com/
.Content-Security-Policy: referrer "none";
Not part of any specification.
Feature | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari |
---|---|---|---|---|---|---|
Basic support | 33 — 56 | No | 371 | No | Yes — 43 | No |
Feature | Android webview | Chrome for Android | Edge mobile | Firefox for Android | IE mobile | Opera Android | iOS Safari |
---|---|---|---|---|---|---|---|
Basic support | 33 — 56 | 33 — 56 | No | 371 | No | Yes — 43 | No |
1. Will be removed, see Bugzilla bug 1302449.
Content-Security-Policy
Referrer-Policy
headerReferer
header
© 2005–2018 Mozilla Developer Network and individual contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/referrer