| 1 | Referrer Policy
|
| 2 | ===============
|
| 3 | [](https://travis-ci.org/helmetjs/referrer-policy)
|
| 4 |
|
| 5 | The [Referer HTTP header](https://en.wikipedia.org/wiki/HTTP_referer) is typically set by web browsers to tell the server where it's coming from. For example, if you click a link on *example.com/index.html* that takes you to *wikipedia.org*, Wikipedia's servers will see `Referer: example.com`. This can have privacy implications—websites can see where you are coming from. The new [`Referrer-Policy` HTTP header](https://www.w3.org/TR/referrer-policy/#referrer-policy-header) lets authors control how browsers set the Referer header.
|
| 6 |
|
| 7 | [Read the spec](https://www.w3.org/TR/referrer-policy/#referrer-policies) to see the options you can provide.
|
| 8 |
|
| 9 | Usage:
|
| 10 |
|
| 11 | ```javascript
|
| 12 | const referrerPolicy = require('referrer-policy')
|
| 13 |
|
| 14 | app.use(referrerPolicy({ policy: 'same-origin' }))
|
| 15 | // Referrer-Policy: same-origin
|
| 16 |
|
| 17 | app.use(referrerPolicy({ policy: 'unsafe-url' }))
|
| 18 | // Referrer-Policy: unsafe-url
|
| 19 |
|
| 20 | app.use(referrerPolicy())
|
| 21 | // Referrer-Policy: no-referrer
|
| 22 | ```
|