The HTML <iframe> referrerpolicy attribute is used to specify the reference information that will be sent when fetching the result.
- no-referrer: It specifies that no reference information will be sent along with a request.
- no-referrer-when-downgrade: It has a default value. It specifies that refer header will not be sent to origins without HTTPS.
- origin: It specifies to only send the origin of the document as the referrer in all cases.
- origin-when-cross-origin: It sends the origin, path, and query string when performing a same-origin request, but only send the origin of the document for other cases.
- same-origin: It specifies that the referrer will be sent for same-site origins, but cross-origin requests will send no referrer information.
- strict-origin: It only sends the origin of the document as the referrer when the protocol security level stays the same (HTTPS/HTTPS), but don’t send it to a less secure destination (HTTPS/HTTP).
- strict-origin-when-cross-origin: It sends the origin, path, and querystring when performing a same-origin request, only send the origin when the protocol security level stays the same while performing a cross-origin request (HTTPS/HTTPS), and send no header to any less-secure destinations (HTTPS/HTTP).
Supported Browsers: The browser supported by HTML iframe referrerpolicy attribute are listed below:
- Google Chrome
- Internet Explorer