Specifying default "Referrer-Policy"

Issue #257 resolved
Popoki Tom
repo owner created an issue

From version 53 onwards, Gecko has a pref available in about:config to allow users to set their default Referrer-Policynetwork.http.referer.userControlPolicy (Mozilla bug1304623) -- Possible values are:

  • 0 — no-referrer : The Referer header will be omitted entirely.
  • 1 — same-origin : A referrer will be sent for same-site origins, but cross-origin requests will contain no referrer information.
  • 2 — strict-origin-when-cross-origin : Send a full URL when performing a same-origin request, only send the origin of the document to a-priori as-much-secure destination (HTTPS->HTTPS), and send no header to a less secure destination (HTTPS->HTTP).
  • 3 — no-referrer-when-downgrade (the default) : The origin is sent as referrer to a-priori as-much-secure destination (HTTPS->HTTPS), but isn't sent to a less secure destination (HTTPS->HTTP).

Comments (3)

  1. Log in to comment