HTTP参考手册

标题 | Headers

Referrer-Policy

所述Referrer-PolicyHTTP 标头支配其引荐信息，在所发送的Referer报头，应包含的请求。

Header type	Response header
Forbidden header name	no

句法

请注意，这Referer实际上是“推荐人”一词的拼写错误。该Referrer-Policy头不同意这一拼写错误。

Referrer-Policy: no-referrer
Referrer-Policy: no-referrer-when-downgrade
Referrer-Policy: origin
Referrer-Policy: origin-when-cross-origin
Referrer-Policy: same-origin
Referrer-Policy: strict-origin
Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: unsafe-url

指令

Referer头将被完全省略。没有引用信息与 requests.no-referrer-when-downgrade 一起发送（默认）如果没有指定策略，这是用户代理的默认行为。原始地址作为引用来源发送到先验为多安全目的地（HTTPS-> HTTPS），但不会发送到安全性较低的目标（HTTPS-> HTTP）。原始只发送文档的来源作为引用者在所有情况下。

文档https://example.com/page.html将发送引用者https://example.com/.origin-when-cross-origin 在执行同源请求时发送完整的 URL，但仅将文档的来源发送给其他案例 .same-origin 将引用同一站点源的引用来源，但交叉源请求将不包含引用信息。严格来源仅将文档的来源作为引荐来源发送到先验为安全多目的地（HTTPS-> HTTPS），但不要将其发送到较少安全目标（HTTPS-> HTTP）.strict-origin-when-cross-origin 在执行同源请求时发送完整URL，仅将文档的来源发送到先验为多安全目标（HTTPS-> HTTPS），并且不向不太安全的目标发送头（HTTPS-> HTTP）.unsafe-url 在执行同源或跨源请求时发送完整的 URL（从参数中剥离）。

此政策会将来自 TLS 保护资源的来源和路径泄漏到不安全的来源。仔细考虑这个设置的影响。

例子

Policy	Document	Navigation to	Referrer
no-referrer	https://example.com/page.html	any domain or path	no referrer
no-referrer-when-downgrade	https://example.com/page.html	https://example.com/otherpage.html	https://example.com/page.html
no-referrer-when-downgrade	https://example.com/page.html	https://mozilla.org	https://example.com/page.html
no-referrer-when-downgrade	https://example.com/page.html	http://example.org	no referrer
origin	https://example.com/page.html	any domain or path	https://example.com/
origin-when-cross-origin	https://example.com/page.html	https://example.com/otherpage.html	https://example.com/page.html
origin-when-cross-origin	https://example.com/page.html	https://mozilla.org	https://example.com/
origin-when-cross-origin	https://example.com/page.html	http://example.com/page.html	https://example.com/
same-origin	https://example.com/page.html	https://example.com/otherpage.html	https://example.com/page.html
same-origin	https://example.com/page.html	https://mozilla.org	no referrer
strict-origin	https://example.com/page.html	https://mozilla.org	https://example.com/
strict-origin	https://example.com/page.html	http://example.org	no referrer
strict-origin	http://example.com/page.html	any domain or path	http://example.com/
strict-origin-when-cross-origin	https://example.com/page.html	https://example.com/otherpage.html	https://example.com/page.html
strict-origin-when-cross-origin	https://example.com/page.html	https://mozilla.org	https://example.com/
strict-origin-when-cross-origin	https://example.com/page.html	http://example.org	no referrer
unsafe-url	https://example.com/page.html	any domain or path	https://example.com/page.html

产品规格

Specification	Status
Referrer Policy	Editor's draft

浏览器兼容性

Feature	Chrome	Firefox	Edge	Internet Explorer	Opera	Safari
Basic Support	56.0	50.0	(No)	(No)	(No)	(No)
same-origin	(No)1	52.0	(No)	(No)	(No)	(No)
strict-origin	(No)1	52.0	(No)	(No)	(No)	(No)
strict-origin-when-cross-origin	(No)1	52.0	(No)	(No)	(No)	(No)

Feature	Android	Chrome for Android	Edge mobile	Firefox for Android	IE mobile	Opera Android	iOS Safari
Basic Support	56.0	(No)	(No)	50.0	(No)	(No)	(No)
same-origin	(No)	(No)	(No)	52.0	(No)	(No)	(No)
strict-origin	(No)	(No)	(No)	52.0	(No)	(No)	(No)
strict-origin-when-cross-origin	(No)	(No)	(No)	52.0	(No)	(No)	(No)

注意：从版本53开始，Gecko 提供了一个about:config，允许用户设置其默认值Referrer-Policy- network.http.referer.userControlPolicy。可能的值是：

0 — no-referrer
1 — same-origin
2 — strict-origin-when-cross-origin
3 — no-referrer-when-downgrade (the default)

标题 | Headers相关

1.Accept
2.Accept-Charset
3.Accept-Encoding
4.Accept-Language
5.Accept-Ranges
6.Access-Control-Allow-Credentials
7.Access-Control-Allow-Headers
8.Access-Control-Allow-Methods
9.Access-Control-Allow-Origin
10.Access-Control-Expose-Headers
11.Access-Control-Max-Age
12.Access-Control-Request-Headers
13.Access-Control-Request-Method
14.Age
15.Allow
16.Authorization
17.Cache-Control
18.Connection
19.Content-Disposition
20.Content-Encoding
21.Content-Language
22.Content-Length
23.Content-Location
24.Content-Range
25.Content-Type
26.Cookie
27.Cookie2
28.Date
29.DNT
30.ETag
31.Expect
32.Expires
33.Forwarded
34.From
35.Headers
36.Host
37.If-Match
38.If-Modified-Since
39.If-None-Match
40.If-Range
41.If-Unmodified-Since
42.Keep-Alive
43.Large-Allocation
44.Last-Modified
45.Location
46.Origin
47.Pragma
48.Proxy-Authenticate
49.Proxy-Authorization
50.Public-Key-Pins
51.Public-Key-Pins-Report-Only
52.Range
53.Referer
54.Retry-After
55.Server
56.Set-Cookie
57.Set-Cookie2
58.SourceMap
59.Strict-Transport-Security
60.TE
61.Tk
62.Trailer
63.Transfer-Encoding
64.Upgrade-Insecure-Requests
65.User-Agent
66.User-Agent: Firefox
67.Vary
68.Via
69.Warning
70.WWW-Authenticate
71.X-Content-Type-Options
72.X-DNS-Prefetch-Control
73.X-Forwarded-For
74.X-Forwarded-Host
75.X-Forwarded-Proto
76.X-Frame-Options
77.X-XSS-Protection

HTTP

超文本传输协议（ HTTP，HyperText Transfer Protocol ) 是互联网上应用最为广泛的一种网络协议。所有的 WWW 文件都必须遵守这个标准。

HTTP目录

1.指南 \| Guides
2.指南：基础 \| Guides: Basics
3.CSP
4.标题 \| Headers
5.方法 \| Methods
6.RFC 2616: HTTP/1.1
7.RFC 4918: WebDAV
8.RFC 5023: The Atom Publishing Protocol
9.RFC 7230: Message Syntax and Routing
10.RFC 7231: Semantics and Content
11.RFC 7232: Conditional Requests
12.RFC 7233: Range Requests
13.RFC 7234: Caching
14.RFC 7235: Authentication
15.状态 \| Status
16.HTTP 请求方法
17.HTTP状态码
18.HTTP 响应头信息
19.HTTP 教程