Test Referrer-Policy header values and their privacy impact.
Select a referrer policy and click a link to see what referrer is sent.
Tip: Open DevTools Network tab before clicking. Look for the "Referer" request header to see what was sent.
no-referrerHigh PrivacyNever send the Referer header
https://example.com/page → (nothing)
no-referrer-when-downgradeLow PrivacySend full URL unless going from HTTPS to HTTP
https://example.com/page → https://example.com/page
originMediumSend only the origin (domain), not the path
https://example.com/page → https://example.com/
origin-when-cross-originMediumFull URL for same-origin, origin only for cross-origin
Cross-origin: https://example.com/page → https://example.com/
same-originHigh PrivacySend full URL only for same-origin requests
Cross-origin: (nothing)
strict-originMediumSend origin only, but not on HTTPS→HTTP
https://example.com/page → https://example.com/
strict-origin-when-cross-originMediumFull URL for same-origin, origin for cross-origin (default)
Default browser policy for most browsers
unsafe-urlLow PrivacyAlways send full URL (including path and query)
https://example.com/secret?token=123 → https://example.com/secret?token=123
Referrer-Policy: strict-origin-when-cross-origin
<meta name="referrer" content="strict-origin-when-cross-origin">
<a href="https://example.com" referrerpolicy="no-referrer">Link</a>