1 | Referrer Policy
|
2 | ===============
|
3 | [![Build Status](https://travis-ci.org/helmetjs/referrer-policy.svg?branch=master)](https://travis-ci.org/helmetjs/referrer-policy)
|
4 |
|
5 | The [Referer HTTP header](https://en.wikipedia.org/wiki/HTTP_referer) is typically set by web browsers to tell the server where it's coming from. For example, if you click a link on *example.com/index.html* that takes you to *wikipedia.org*, Wikipedia's servers will see `Referer: example.com`. This can have privacy implications—websites can see where you are coming from. The new [`Referrer-Policy` HTTP header](https://www.w3.org/TR/referrer-policy/#referrer-policy-header) lets authors control how browsers set the Referer header.
|
6 |
|
7 | [Read the spec](https://www.w3.org/TR/referrer-policy/#referrer-policies) to see the options you can provide.
|
8 |
|
9 | Usage:
|
10 |
|
11 | ```javascript
|
12 | const referrerPolicy = require('referrer-policy')
|
13 |
|
14 | app.use(referrerPolicy({ policy: 'same-origin' }))
|
15 | // Referrer-Policy: same-origin
|
16 |
|
17 | app.use(referrerPolicy({ policy: 'unsafe-url' }))
|
18 | // Referrer-Policy: unsafe-url
|
19 |
|
20 | app.use(referrerPolicy())
|
21 | // Referrer-Policy: no-referrer
|
22 | ```
|