This is an experimental technology
Because this technology's specification has not stabilized, check the compatibility table for the proper prefixes to use in various browsers. Also note that the syntax and behavior of an experimental technology is subject to change in future versions of browsers as the spec changes.
The HTMLIFrameElement.referrerPolicy property reflect the HTML referrer attribute of the <iframe> element defining which referrer is sent when fetching the resource.
Syntax
refStr = iframeElt.referrerPolicy; iframeElt.referrerPolicy = refStr;
Values
-
"no-referrer"meaning that theReferer:HTTP header will not be sent."origin"meaning that the referrer will be the origin of the page, that is roughly the scheme, the host and the port."unsafe-url"meaning that the referrer will include the origin and the path (but not the fragment, password, or username). This case is unsafe as it can leak path information that has been concealed to third-party by using TLS.
Examples
var iframe = document.createElement("iframe");
iframe.src = "/";
iframe.referrerPolicy = "unsafe-url";
var body = document.getElementsByTagName("body")[0];
body.appendChild(iframe); // Fetch the image using the complete URL as the referrer
Specifications
| Specification | Status | Comment |
|---|---|---|
| Referrer Policy The definition of 'referrerpolicy attribute' in that specification. |
Working Draft | Added the referrerPolicy attribute. |
Browser compatibility
| Feature | Chrome | Edge | Firefox (Gecko) | Internet Explorer | Opera | Safari (WebKit) |
|---|---|---|---|---|---|---|
| Basic support | ? | ? | 42.0 (42.0) [1] | ? | ? | ? |
| Feature | Android | Firefox Mobile (Gecko) | IE Phone | Opera Mobile | Safari Mobile |
|---|---|---|---|---|---|
| Basic support | ? | 42.0 (42.0) [1] | ? | ? | ? |
[1] Behind the network.http.enablePerElementReferrer preference, that default to false. From Firefox 42 to 44 include this property was called referrer.