Referrer Policy

Sitecheck Team

An HTTP header and HTML meta attribute that controls how much referrer information is included in requests when a user navigates from your site.

When a user clicks a link, browsers send a Referer header to the destination containing the URL they came from. The Referrer-Policy header lets you control how much of that URL is shared — the full path, just the origin, or nothing at all.

Why it matters: URLs can contain sensitive data (search terms, user IDs, session tokens). Sending them to third-party destinations is a privacy and security risk. Google now recommends strict-origin-when-cross-origin as a sensible default.

Quick tips:

  • Use strict-origin-when-cross-origin as your baseline — it sends the origin for cross-origin requests but the full URL for same-origin requests.
  • Avoid unsafe-url, which sends the full URL, path and query string included, to every destination, even when the request goes from HTTPS to plain HTTP.
  • You can override the policy per-link with the referrerpolicy HTML attribute.

See also: HSTS, CSP, Permissions Policy.