Referrer Policy Header Test

Check referrer information given out by the HTTP response headers.

What is the Referrer Policy Test Tool?

The Domsignal Referrer Policy Test tool lets you quickly check whether your website has a properly configured Referrer Policy header. This header is crucial for controlling how much information is shared with the websites your pages link to.

What is the Referrer Policy Header?

When a user clicks a link on your website, their browser sends 'referrer' information to the destination site. This information reveals the previous page the user visited. The Referrer Policy header dictates how much of this information is shared.

It's a security and privacy feature: Referrer-Policy is an HTTP response header that lets you control what the browser puts in the 'Referer' request header.

Why is the Referrer Policy Important?

There are two important reasons:

  • Privacy: By controlling referrer data, you can prevent sensitive information from being shared with third-party websites. For example, you might not want to reveal the specific page a user visited on your site if it contains personal or confidential data.
  • Security: Limiting referrer information can also help mitigate certain security risks, such as preventing malicious websites from exploiting referrer data for attacks, or protecting sensitive URLs, for example a URL containing a session ID.

What are the available Referrer Policy Options?

The following are common Referrer Policy options.

  • no-referrer: Prevents any referrer information from being sent. Use this when dealing with sensitive user data.
  • no-referrer-when-downgrade: Sends referrer information only when navigating from HTTPS to HTTPS.
  • same-origin: Sends referrer information only when navigating within the same website. Use this if you want to track internal page clicks within your website.
  • origin: Sends only the origin (domain) of the website as referrer information.
  • strict-origin: Sends only the origin when the security level stays the same.
  • origin-when-cross-origin: Sends the origin when navigating to other sites.
  • strict-origin-when-cross-origin: Sends the origin when navigating cross-origin with the same security level. This is a common option and widely used.
  • unsafe-url: Sends the full URL as referrer information (not recommended).
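
The options above, worked through in code for a page whose URL carries a session ID. This is an added example, not part of the Domsignal tool: the URLs are constructed, and treating only the https: scheme as secure is a simplifying assumption.

```javascript
// Added example: the Referer value a browser sends under each Referrer-Policy.
// Simplification (assumption): "secure" means the https: scheme only.
const POLICIES = ["no-referrer", "no-referrer-when-downgrade", "same-origin",
  "origin", "strict-origin", "origin-when-cross-origin",
  "strict-origin-when-cross-origin", "unsafe-url"];

// Reduce a URL to what may appear in Referer: origin only, or the full URL
// without credentials and fragment (those are never sent).
function strip(url, originOnly) {
  const u = new URL(url);
  if (originOnly) return u.origin + "/";
  u.username = ""; u.password = ""; u.hash = "";
  return u.href;
}

// Returns the Referer string, or null when no Referer header is sent.
function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl), to = new URL(toUrl);
  const sameOrigin = from.origin === to.origin;
  // Downgrade: leaving an HTTPS page for a non-HTTPS destination.
  const downgrade = from.protocol === "https:" && to.protocol !== "https:";
  const full = strip(fromUrl, false), origin = strip(fromUrl, true);
  switch (policy) {
    case "no-referrer": return null;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "same-origin": return sameOrigin ? full : null;
    case "origin": return origin;
    case "strict-origin": return downgrade ? null : origin;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : (downgrade ? null : origin);
    case "unsafe-url": return full;
    default: throw new Error("unknown policy: " + policy);
  }
}

// Constructed sample: a page URL with a session ID, and three link targets.
const PAGE = "https://shop.example/account/orders?session=abc123#top";
const TARGETS = { "same-origin": "https://shop.example/help",
  "cross-origin": "https://ads.example/pixel", "downgrade": "http://legacy.example/" };

function referrerTable() {
  const table = {};
  for (const p of POLICIES) {
    table[p] = {};
    for (const [name, url] of Object.entries(TARGETS)) table[p][name] = refererFor(p, PAGE, url);
  }
  return table;
}
console.table(referrerTable());
```

Run it with Node.js: each row of the printed table is one policy, and any cell showing the full URL is a case where the session ID would reach the destination.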

How to Implement the Referrer Policy Header?

If you are using Apache HTTP Server on a cloud server, VPS or dedicated server where you have full access, you can add the following within VirtualHost in the httpd.conf or apache2.conf file.

Header always set Referrer-Policy "strict-origin-when-cross-origin"

Save the file and restart the Apache web server.

For Nginx, you can add the following inside the server block in the nginx.conf file.

add_header Referrer-Policy "strict-origin-when-cross-origin" always;

Save the file and restart the Nginx web server.

If you are on shared hosting, you can add the following to the .htaccess file.

<IfModule mod_headers.c>
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

You don’t need to restart anything when you modify the .htaccess file.
