HTML <script> referrerpolicy attribute
Definition and usage
referrerpolicy The attribute specifies the referrer information to be sent when fetching the script.
Example
To set referrerpolicy for scripts:
<script src="myscripts.js" referrerpolicy="origin"></script>
Syntax
<script referrerpolicy="no-referrer|no-referrer-when-downgrade|origin|origin-when-cross-origin|same-origin|strict-origin-when-cross-origin|unsafe-url">
Attribute value
| Value | Description |
|---|---|
| no-referrer | Do not send referrer information. |
| no-referrer-when-downgrade |
Default value. If the protocol security level remains unchanged or higher (from HTTP to HTTP, from HTTPS to HTTPS, from HTTP to HTTPS is allowed), send the original source, path, and query string. If the protocol security level is low (not allowed from HTTPS to HTTP), do not send any content. |
| origin | Send the document's source (protocol, host, and port). |
| origin-when-cross-origin | For cross-origin requests, send the document's source. For same-origin requests, send the document's source, path, and query string. |
| same-origin | For same-origin requests, send the referrer. For cross-origin requests, do not send the referrer. |
| strict-origin-when-cross-origin |
If the security level of the protocol remains unchanged or higher (from HTTP to HTTP, from HTTPS to HTTPS, and from HTTP to HTTPS), send the source information. For lower security levels (from HTTPS to HTTP), no content is sent. |
| unsafe-url | Send the source, path, and query string (regardless of the security level). Use this value with caution! |
Browser Support
The numbers in the table indicate the first browser version that fully supports this attribute.
| Chrome | Edge | Firefox | Safari | Opera |
|---|---|---|---|---|
| Chrome | Edge | Firefox | Safari | Opera |
| 70.0 | 79.0 | 65.0 | Not Supported | Supported |
