Slide 20
Referrer-Policy
Referrer-Policy: no-referrer
    No Referer information in any case.

Referrer-Policy: no-referrer-when-downgrade
    Origin, path, and query in Referer for HTTP→HTTP, HTTP→HTTPS, HTTPS→HTTPS.
    No Referer information for HTTPS→HTTP, HTTPS→file.

Referrer-Policy: origin
    Only the origin is sent.
    Example: https://example.com/page.html → https://example.com/

Referrer-Policy: origin-when-cross-origin
    Origin, path, and query in Referer for a same-origin request over the same protocol.
    Origin only for cross-origin requests and requests to less secure destinations.
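The four policies above, as an added example that is not part of the original slides: a small Node.js function that computes the Referer value for a navigation, so the difference in what leaks (for instance a token in the query string) is visible. The function names, the sample URLs, and the simplification that only `https:` counts as a secure scheme are assumptions of this example.

```javascript
// Added example (not from the slides). Models only the four policy values
// listed on this slide; "secure" is simplified to "scheme is https:".

// Build the value that goes into the Referer header: credentials and the
// fragment are never sent; originOnly also drops path and query.
function stripForReferer(url, originOnly) {
  const u = new URL(url.href);
  u.username = '';
  u.password = '';
  u.hash = '';
  if (originOnly) {
    u.pathname = '/';
    u.search = '';
  }
  return u.href;
}

// Returns the Referer string, or null when no Referer header is sent.
function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';
  const sameOrigin = from.origin === to.origin; // scheme + host + port
  switch (policy) {
    case 'no-referrer':
      return null;
    case 'no-referrer-when-downgrade':
      return downgrade ? null : stripForReferer(from, false);
    case 'origin':
      return stripForReferer(from, true);
    case 'origin-when-cross-origin':
      return stripForReferer(from, !sameOrigin);
    default:
      throw new Error('policy not covered by this example: ' + policy);
  }
}

// Constructed sample: a page whose URL carries a secret in the query string.
const PAGE = 'https://example.com/page.html?token=abc123#section';
const POLICIES = ['no-referrer', 'no-referrer-when-downgrade',
                  'origin', 'origin-when-cross-origin'];

// One row per policy for a cross-origin HTTPS destination.
function crossOriginTable() {
  return POLICIES.map(p => [p, refererFor(p, PAGE, 'https://cdn.example.net/lib.js')]);
}
console.table(crossOriginTable());
```

Under `no-referrer-when-downgrade` the full URL, including the query-string token, still reaches any HTTPS third party; the `origin` and `origin-when-cross-origin` rows show only `https://example.com/`.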