← Back to Security Headers

Referrer-Policy

Controls how much referrer information is sent with requests.

Referrer-Policy

Purpose

Protects user privacy by controlling what referrer information is leaked to third parties.

Implementation

Set the desired policy:

```
Referrer-Policy: strict-origin-when-cross-origin
```

Examples

no-referrer
strict-origin-when-cross-origin
same-origin
origin

Best Practices

✓Use strict-origin-when-cross-origin for balance
✓Use no-referrer for maximum privacy
✓Consider same-origin for internal sites

Common Mistakes

✗Not setting the header
✗Using unsafe-url
✗Inconsistent policies across pages

References

MDN Web Docs →

Test Your Configuration

Run a free security scan to check if Referrer-Policy is properly configured on your site.