Stack Overflow
Stack Overflow

Questions tagged [referrer-policy]

Use this for questions related to the Referrer-Policy HTTP header and the meta name="referrer" element, for strict-origin-when-cross-origin errors, and for cases where the Referer HTTP header is missing from a request. The Referrer-Policy header and name="referrer" HTML meta element control whether the Referer request header is sent in a request at all — and if it is sent, what the Referer value will be set to.

71 questions
3
votes
1 answer

How to not include URL query string in HTTP Referrer

What is the best way to ensure that a query string does not get included as part of HTTP Referrer data? I have noticed that some potentially sensitive information (e.g. UTM fields, which do not really require SSL) may otherwise leak. The objective…
Erwin Mayer
  • 18,076
  • 9
  • 88
  • 126
2
votes
2 answers

cors: strict-origin-when-cross-origin: react + nginx + elasticsearch

This afternoon I was make some small adaptations to my react app. However, when trying to fetch information from my elasticsearch server, I receive a strict-origin-when-cross-origin error. I have received CORS errors in the past and was always able…
frankmurphy
  • 194
  • 1
  • 3
  • 13
2
votes
0 answers

How to get referrer policy as strict-origin-when-cross-origin in node js

I have a node js application and I am getting the headers in the browser as below, when I am using the below code. ie when I redirect to an external URL. Request URL: ####### Request Method: GET Status Code: 302 Remote Address:…
Rajitha Ganji IN
  • 79
  • 1
  • 9
2
votes
2 answers

Web Push Php Library Example - Strict Origin When Cross Origin

I used Web Push PHP library https://github.com/Minishlink/web-push-php-example to send push notifications, but I found a problem: Referrer Policy: strict-origin-when-cross-origin For your information, I used PHP --Version PHP 7.2.34 (cgi-fcgi)…
Nere
  • 4,097
  • 5
  • 31
  • 71
2
votes
0 answers

Safari - iOS 13.5.1 - Referrer Policy Issue

Prior to 13.5.1 update on iOS, we were able to remove some required referrers using referrer policy = no referrer option for Safari users. And this was working 100%. However, post 13.5.1 update, we noticed that our referrer policy is no longer…
malania
  • 51
  • 7
2
votes
1 answer

Headers are not setting using Referrer-Policy

I have a domain lets say www.example.com which I am redirecting to www.whatismyreferer.com to check referer. When I redirect the page using PHP headers it shows No referer / hidden in result. I want to set referer as www.example.com on…
denny
  • 111
  • 2
  • 13
2
votes
1 answer

is "referrerpolicy" a valid attribute of ?

Ok 'cause I was seeing on W3Schools and it enlists on the "Attributes" table of element the referrerpolicy attribute. So I want to know if this is possible and how it works.
user11124733
2
votes
2 answers

How to set Firefox referrer to "no-referrer" using PHP Referrer-Policy?

Setting referrer on Chrome using this PHP header will set all page referrers to none/no-referrer: "Referrer-Policy" => "no-referrer" I have a problem to set the same Referrer policy to "no-referrer" on Firefox, because seems the same PHP header…
Drago Dragičević
  • 21
  • 1
  • 2
2
votes
1 answer

How does Google sets HTTP Referrer after a search result click

For example, the first search result on this page leads to the older SO question, with the following HTTP request: GET /questions/4402502/how-does-google-set-the-http-referrer-when-someone-clicks-on-a-search-result-lin HTTP/1.1 Host …
VladV
  • 10,093
  • 3
  • 32
  • 48
1
vote
0 answers

Setting no-referrer no-opener and no-follow using htaccess

I want no-referrer, no-opener and no-follow for globe of my website. For all the pages and URLs. So, I thought doing with .htaccess Here is my code: Header set Referrer-Policy "no-referrer" Header set X-Opener-Policy…
Mehul Kumar
  • 461
  • 8
1
vote
1 answer

third-party JavaScript access to document.location when a restrictive Referrer-Policy is set?

A referrer policy restricts when a Referer header is set on requests and, if the header is allowed, what parts of the referring URL are available. This is a privacy consideration for users. If I'm on one web site, and I follow a link out to…
Armadillo Jim
  • 291
  • 2
  • 7
1
vote
0 answers

How to resolve Strict Origin Error at angular app

I have enabled Cors in ASP.Net Core API but after publishing I am still getting error with strict-origin-when-cross-origin.My Program.cs looks like below. I have tried other ways to add the URL of the client as well. I am not sure what causing this…
Nitin Rastogi
  • 11
  • 1
1
vote
0 answers

How to deal with strict-origin-when-cross-origin error in Vue3 app?

I have an app running on http://localhost:8081, which connects to backend running on http://localhost:8080 (the endpoint which it connects to is exactly on http://localhost:8080/stripe). When I move the backend to heroku, it works fine, but when I…
DuchSuvaa
  • 539
  • 1
  • 5
  • 22
1
vote
1 answer

How to preserve referrer (Referer HTTP header) across subdomains?

I have a website running on www.example.com that makes GET requests to api.example.com to process a form. When I examine web server logs for api.example.com I see that requests from Safari get the full referer (e.g.,…
tinkerr
  • 975
  • 2
  • 14
  • 32
1
vote
1 answer

CORS problem requesting a file (ONLY on Google Chrome)

I have a .Net Core API and a React application using BabylonJs to render some 3D models. On my server side I am storing the 3D models that will be requested by the client to render into the scene. In order to do so I have allowed UseFileServer and…
Botchas
  • 76
  • 5
1
2
3 4 5