HTTP Referer:修订间差异

来自WHY42
Riguz留言 | 贡献
Riguz留言 | 贡献
第25行: 第25行:
Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: unsafe-url
Referrer-Policy: unsafe-url
</syntaxhighlight>
Also, it's possible to set it in HTML,eg:
<syntaxhighlight lang="bash">
<meta name="referrer" content="origin" />
<a href="http://example.com" referrerpolicy="origin">…</a>
<a href="http://example.com" rel="noreferrer">…</a>
</syntaxhighlight>
</syntaxhighlight>



2023年12月6日 (三) 09:48的版本

The Referer HTTP request header contains the absolute or partial address from which a resource has been requested. The Referer header allows a server to identify referring pages that people are visiting from or where requested resources are being used. This data can be used for analytics, logging, optimized caching, and more[1].

Referer: https://developer.mozilla.org/en-US/docs/Web/JavaScript
Referer: https://example.com/page?q=123
Referer: https://example.com/

主要是以下三种场景,会发送Referer字段[2]

  • 用户点击网页上的链接。
  • 用户发送表单。
  • 网页加载静态资源,比如加载图片、脚本、样式。

Referrer Policy

The original header name Referer is a misspelling of the word "referrer". The Referrer-Policy header does not share this misspelling.

Referrer-Policy: no-referrer
Referrer-Policy: no-referrer-when-downgrade
Referrer-Policy: origin
Referrer-Policy: origin-when-cross-origin
Referrer-Policy: same-origin
Referrer-Policy: strict-origin
Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: unsafe-url

Also, it's possible to set it in HTML,eg:

<meta name="referrer" content="origin" />
<a href="http://example.com" referrerpolicy="origin">…</a>
<a href="http://example.com" rel="noreferrer">…</a>

Referer and HTTPS