Skip to content
Sign up for a GitHub account
You can clone with
Normally, this header is included in most HTTP requests (and
preserved across HTTP-level redirects), except in the following
â After organically entering a new URL into the address bar or
opening a bookmarked page.
â When the navigation originates from a pseudo-URL document, such
â When the request is a result of redirection controlled by the
Refresh header (but not a Location-based one).
â Whenever the referring site is encrypted but the requested page
isnât. According to RFC 2616 section 15.1.2, this is done for
privacy reasons, but it does not make a lot of sense. The
Referer string is still disclosed to third parties when one
navigates from one encrypted domain to an unrelated encrypted
one, and rest assured, the use of encryption is not synonymous
â If the user decides to block or spoof the header by tweaking
browser settings or installing a privacy-oriented plug-in.
Sign up for free
to join this conversation on GitHub
. Already have an account?
Sign in to comment
Something went wrong with that request. Please try again.