Secure HTTP Header Setting: Secure Referrer Policy
Secure HTTP Header Setting: Secure Referrer Policy
Description
Referrer Policy: The Referrer Policy controls the behavior of the Referer header, which indicates the origin or web page URL from which the request was made. A secure Referrer Policy helps protect user privacy by controlling what information is sent to third-party sites.
A secure implementation of the Referrer Policy is important to avoid leaking user information. The following configurations are recommended:
- No Referrer
(no-referrer): This policy completely hides the referring URL when navigating to another page, providing the highest level of privacy. - Origin Only (origin): This policy sends only the origin (protocol + domain + port) of the referring page, excluding the path and query parameters.
- Same Origin (same-origin): This policy sends the full URL as the referrer for same-origin requests but only sends the origin for cross-origin requests.
- Strict Origin When Cross-Origin (strict-origin-when-cross-origin): This policy sends the full URL for same-origin requests, but only sends the origin for cross-origin requests made from a secure connection to a non-secure connection.
Implementing one of these policies enhances user privacy and security.
Recommendation
The implementation is secure, no recommendations apply.