HTML <script> referrerpolicy Attribute
The HTML <script> referrerpolicy Attribute is used to specify the reference information that will be sent to the server when fetching the script.
<script referrerpolicy="no-referrer|no-referrer-when-downgrade| origin|origin-when-cross-origin|same-origin| strict-origin-when-cross-origin|unsafe-url">
- no-referrer: It specifies that no reference information will be sent along with a request.
- no-referrer-when-downgrade: It has a default value. It specifies that refer header will not be sent to origins without HTTPS.
- origin: It specifies to send the origin of the document as the referrer in all cases.
- origin-when-cross-origin: It sends the origin, path, and query string when performing a same-origin request, but only send the origin of the document for other cases.
- same-origin: It specifies that the referrer will be sent for same-site origins, but cross-origin requests will send no referrer information.
- strict-origin-when-cross-origin: It sends the origin, path, and query string when performing a same-origin request, only sends the origin when the protocol security level stays the same while performing a cross-origin request (HTTPS/HTTPS), and send no header to any less-secure destinations (HTTPS/HTTP).
- unsafe-url: It sends origin. path and query string but not include fragment, password and username.
Example: Below code illustrates the use of referrerpolicy attribute in <script> element.
- Google Chrome 70.0
- Firefox 65.0
- Internet Explorer Not Supported
- Opera 57.0
- Safari 14.0
- Edge 79.0