Referrer

The Referer HTTP header (the name is a misspelling of "referrer") indicates the URL from which a request originates.

Response headers

Referrer-Policy

Controls how much referrer information (sent in the Referer header) should be included with requests.

No referrer
  • no-referrer Don't send referer.
  • no-referrer-when-downgrade Don't send referer when the request goes to a less secure protocol (i.e. HTTPS to HTTP). Otherwise, send origin, path, and querystring as Referer.
Origin
  • origin ("origin only") Only send origin as Referer
  • same-origin ("when same-origin, origin only") Only send origin as Referer when making same-origin requests. Otherwise, don't send referer.
  • origin-when-cross-origin ("when cross-origin, origin only") Send origin, path, and querystring as Referer when making same-origin requests. Otherwise, only send origin as Referer when making a cross-origin request.
Strict origin
  • strict-origin Only send origin as Referer when the protocol security level is at least the same. Otherwise, don't send referer.
  • strict-origin-when-cross-origin (1) Only send origin as Referer when making a cross-origin request and the protocol security level is at least the same. (2) Send origin, path, and querystring as Referer when making a same-origin request and the protocol security level is at least the same. (3) Otherwise, don't send referer.
Unsafe URL
  • unsafe-url Send origin, path, and querystring as Referer. (May leak private data over insecure HTTP.)

Referrer-Policy: no-referrer
Referrer-Policy: no-referrer-when-downgrade
Referrer-Policy: origin
Referrer-Policy: same-origin
Referrer-Policy: origin-when-cross-origin
Referrer-Policy: strict-origin
Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: unsafe-url

Request headers

Referer

Identifies where the request is coming from:

  • when following a link, this is the address of the page containing the link
  • when making a request, this is the address of the page firing the request

The value can be an absolute or relative path. URL fragments (e.g. #section) and userinfo (e.g. username:password) are not included.

Referer: https://developer.mozilla.org/en-US/docs/Web/JavaScript
Referer: https://example.com/page?q=123
Referer: https://example.com/
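
The policy values and the Referer stripping rules above, as an added example (not code from the original page): it computes the Referer a client would send for each policy and lists the policies under which a secret in the query string reaches the target. It follows the W3C Referrer Policy specification, under which same-origin sends the full URL on same-origin requests; computeReferer, leakingPolicies and the sample URLs are constructed for this illustration.

```javascript
// Added example, not code from the original page. Function and constant
// names are chosen for this illustration.
const POLICIES = ["no-referrer", "no-referrer-when-downgrade", "origin",
  "same-origin", "origin-when-cross-origin", "strict-origin",
  "strict-origin-when-cross-origin", "unsafe-url"];

function computeReferer(policy, sourceUrl, targetUrl) {
  const from = new URL(sourceUrl);
  const to = new URL(targetUrl);
  // Fragment and userinfo are never part of the Referer value.
  from.hash = "";
  from.username = "";
  from.password = "";
  const full = from.href;                 // origin + path + query string
  const originOnly = from.origin + "/";
  const sameOrigin = from.origin === to.origin;
  // Simplification: only https: counts as secure here; the spec uses
  // "potentially trustworthy" URLs.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  switch (policy) {
    case "no-referrer": return null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "origin": return originOnly;
    case "same-origin": return sameOrigin ? full : null;
    case "origin-when-cross-origin": return sameOrigin ? full : originOnly;
    case "strict-origin": return downgrade ? null : originOnly;
    case "strict-origin-when-cross-origin":
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    case "unsafe-url": return full;
    default: throw new Error("unknown policy: " + policy);
  }
}

// Constructed sample: a page whose URL carries a secret in the query string.
const SOURCE = "https://alice:pw@example.com/reset?token=abc123#form";

// Policies under which the query string (and the token) reaches the target.
function leakingPolicies(targetUrl) {
  return POLICIES.filter((p) => {
    const r = computeReferer(p, SOURCE, targetUrl);
    return r !== null && r.includes("token=");
  });
}

console.log(leakingPolicies("https://example.com/next"));       // same-origin
console.log(leakingPolicies("https://cdn.example.net/lib.js")); // cross-origin
console.log(leakingPolicies("http://cdn.example.net/lib.js"));  // downgrade
```

Only unsafe-url exposes the token on a downgrade, while no-referrer-when-downgrade still sends it to any HTTPS third party.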
