The Referer header will be omitted entirely. No referrer information is sent along with requests.
"no-referrer-when-downgrade" (default)
This is the user agent's default behavior if no policy is specified. The origin is sent as referrer to a-priori as-much-secure destination (HTTPS->HTTPS), but isn't sent to a less secure destination (HTTPS->HTTP).
"origin"
Only send the origin of the document as the referrer in all cases.
The document https://example.com/page.html will send the referrer https://example.com/.
"origin-when-cross-origin"
Send a full URL when performing a same-origin request, but only send the origin of the document for other cases.
"same-origin"
A referrer will be send for same-site origins, but cross-origin requests will contain no referrer information.
"strict-origin"
Only send the origin of the document as the referrer to a-priori as-much-secure destination (HTTPS->HTTPS), but don't send it to a less secure destination (HTTPS->HTTP).
"strict-origin-when-cross-origin"
Send a full URL when performing a same-origin request, only send the origin of the document to a-priori as-much-secure destination (HTTPS->HTTPS), and send no header to a less secure destination (HTTPS->HTTP).
"unsafe-url"
Send a full URL (stripped from parameters) when performing a a same-origin or cross-origin request.
This policy will leak origins and paths from TLS-protected resources to insecure origins. Carefully consider the impact of this setting.
The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Thanks! Please check your inbox to confirm your subscription.
If you haven’t previously confirmed a subscription to a Mozilla-related newsletter you may have to do so. Please check your inbox or your spam filter for an email from us.