©
本文檔使用php中文網手册發布
所述Referrer-Policy
HTTP 标头支配其引荐信息,在所发送的Referer
报头,应包含的请求。
Header type |
Response header |
---|---|
Forbidden header name |
no |
请注意,这Referer
实际上是“推荐人”一词的拼写错误。该Referrer-Policy
头不同意这一拼写错误。
Referrer-Policy: no-referrer Referrer-Policy: no-referrer-when-downgrade Referrer-Policy: origin Referrer-Policy: origin-when-cross-origin Referrer-Policy: same-origin Referrer-Policy: strict-origin Referrer-Policy: strict-origin-when-cross-origin Referrer-Policy: unsafe-url
Referer
头将被完全省略。没有引用信息与 requests.no-referrer-when-downgrade 一起发送(默认)如果没有指定策略,这是用户代理的默认行为。原始地址作为引用来源发送到先验为多安全目的地(HTTPS-> HTTPS),但不会发送到安全性较低的目标(HTTPS-> HTTP)。原始只发送文档的来源作为引用者在所有情况下。
文档https://example.com/page.html
将发送引用者https://example.com/
.origin-when-cross-origin 在执行同源请求时发送完整的 URL,但仅将文档的来源发送给其他案例 .same-origin 将引用同一站点源的引用来源,但交叉源请求将不包含引用信息。严格来源仅将文档的来源作为引荐来源发送到先验为安全多目的地(HTTPS-> HTTPS),但不要将其发送到较少安全目标(HTTPS-> HTTP).strict-origin-when-cross-origin 在执行同源请求时发送完整URL,仅将文档的来源发送到先验为多安全目标(HTTPS-> HTTPS),并且不向不太安全的目标发送头(HTTPS-> HTTP).unsafe-url 在执行同源或跨源请求时发送完整的 URL(从参数中剥离)。
此政策会将来自 TLS 保护资源的来源和路径泄漏到不安全的来源。仔细考虑这个设置的影响。
Policy |
Document |
Navigation to |
Referrer |
---|---|---|---|
no-referrer |
https://example.com/page.html |
any domain or path |
no referrer |
no-referrer-when-downgrade |
https://example.com/page.html |
https://example.com/otherpage.html |
https://example.com/page.html |
no-referrer-when-downgrade |
https://example.com/page.html |
https://mozilla.org |
https://example.com/page.html |
no-referrer-when-downgrade |
https://example.com/page.html |
http://example.org |
no referrer |
origin |
https://example.com/page.html |
any domain or path |
https://example.com/ |
origin-when-cross-origin |
https://example.com/page.html |
https://example.com/otherpage.html |
https://example.com/page.html |
origin-when-cross-origin |
https://example.com/page.html |
https://mozilla.org |
https://example.com/ |
origin-when-cross-origin |
https://example.com/page.html |
http://example.com/page.html |
https://example.com/ |
same-origin |
https://example.com/page.html |
https://example.com/otherpage.html |
https://example.com/page.html |
same-origin |
https://example.com/page.html |
https://mozilla.org |
no referrer |
strict-origin |
https://example.com/page.html |
https://mozilla.org |
https://example.com/ |
strict-origin |
https://example.com/page.html |
http://example.org |
no referrer |
strict-origin |
http://example.com/page.html |
any domain or path |
http://example.com/ |
strict-origin-when-cross-origin |
https://example.com/page.html |
https://example.com/otherpage.html |
https://example.com/page.html |
strict-origin-when-cross-origin |
https://example.com/page.html |
https://mozilla.org |
https://example.com/ |
strict-origin-when-cross-origin |
https://example.com/page.html |
http://example.org |
no referrer |
unsafe-url |
https://example.com/page.html |
any domain or path |
https://example.com/page.html |
Specification |
Status |
---|---|
Referrer Policy |
Editor's draft |
Feature |
Chrome |
Firefox |
Edge |
Internet Explorer |
Opera |
Safari |
---|---|---|---|---|---|---|
Basic Support |
56.0 |
50.0 |
(No) |
(No) |
(No) |
(No) |
same-origin |
(No)1 |
52.0 |
(No) |
(No) |
(No) |
(No) |
strict-origin |
(No)1 |
52.0 |
(No) |
(No) |
(No) |
(No) |
strict-origin-when-cross-origin |
(No)1 |
52.0 |
(No) |
(No) |
(No) |
(No) |
Feature |
Android |
Chrome for Android |
Edge mobile |
Firefox for Android |
IE mobile |
Opera Android |
iOS Safari |
---|---|---|---|---|---|---|---|
Basic Support |
56.0 |
(No) |
(No) |
50.0 |
(No) |
(No) |
(No) |
same-origin |
(No) |
(No) |
(No) |
52.0 |
(No) |
(No) |
(No) |
strict-origin |
(No) |
(No) |
(No) |
52.0 |
(No) |
(No) |
(No) |
strict-origin-when-cross-origin |
(No) |
(No) |
(No) |
52.0 |
(No) |
(No) |
(No) |
注意:从版本53开始,Gecko 提供了一个about:config
,允许用户设置其默认值Referrer-Policy
-network.http.referer.userControlPolicy
。可能的值是:
0 —no-referrer
1 —same-origin
2 —strict-origin-when-cross-origin
3 —no-referrer-when-downgrade
(the default)