Referrer Policy
Monday 13th March, 2017 09:09 Comments: 0
I recently discovered that there's a new HTTP header that's worth setting. There's a good explanation about the Referrer Policy header by Scott Helme, and there are further details here.
This allows you to carefully control what information is sent by the browser when you browse to another page. I definitely agree with Scott's recommendation that if you're thinking of using "origin" or "origin-when-cross-origin" then consider using "strict-origin" and "strict-origin-when-cross-origin" instead. I don't think I use the header for anything at all, so I'm thinking "strict-origin" might be suitable for my site - although it is tempting to jump straight to "no-referrer".
This allows you to carefully control what information is sent by the browser when you browse to another page. I definitely agree with Scott's recommendation that if you're thinking of using "origin" or "origin-when-cross-origin" then consider using "strict-origin" and "strict-origin-when-cross-origin" instead. I don't think I use the header for anything at all, so I'm thinking "strict-origin" might be suitable for my site - although it is tempting to jump straight to "no-referrer".