Referrer-Policy

Anatoly Oshmanovsky

HTTP Headers Advanced Health Score PageSpeed Security SEO Audit Redirect Chain Broken Links HTTP/2 & HTTP/3 HAR Analyzer HTTP Status Code Checker HTTP Compare

DNS DNS Propagation MX Lookup WHOIS Subdomains Reverse IP CMS Detector Tech Stack Detector Screenshot

Ping Traceroute IP ASN Lookup Online Port Scanner API Latency

SSL CSP CORS Cookie Mixed Content Malware Spam Lists IP Abuse Check RKN Check

Email Deliverability Email Headers SMTP Relay Test DKIM Generator

Schema Checker OG Preview Keywords Robots.txt Site Comparison AI Readiness llms.txt Carbon

Formatter JWT Decoder Cron Tester TTL Calculator IP/CIDR Calculator Uptime / SLA Calculator Downtime Cost Batch Heartbeat

All Tools → Articles Contact Help

Pricing RU Sign In

Site Analysis

(12)

HTTP Headers Advanced Health Score PageSpeed Security SEO Audit Redirect Chain Broken Links HTTP/2 & HTTP/3 HAR Analyzer HTTP Status Code Checker HTTP Compare

Domain & DNS

(9)

DNS DNS Propagation MX Lookup WHOIS Subdomains Reverse IP CMS Detector Tech Stack Detector Screenshot

Network

(6)

Ping Traceroute IP ASN Lookup Online Port Scanner API Latency

Security

(9)

SSL CSP CORS Cookie Mixed Content Malware Spam Lists IP Abuse Check RKN Check

(4)

Email Deliverability Email Headers SMTP Relay Test DKIM Generator

SEO & AI

(8)

Schema Checker OG Preview Keywords Robots.txt Site Comparison AI Readiness llms.txt Carbon

Utilities

(9)

Formatter JWT Decoder Cron Tester TTL Calculator IP/CIDR Calculator Uptime / SLA Calculator Downtime Cost Batch Heartbeat

Information

(8)

API Documentation Articles Pricing Help Contact Sign In Sign Up

Home / HTTP Headers / Referrer-Policy

← All HTTP Headers

Security

Controls how much referrer information is included with requests, balancing privacy with analytics needs.

Syntax

Referrer-Policy: no-referrer | same-origin | strict-origin-when-cross-origin

Example

Referrer-Policy: strict-origin-when-cross-origin

Description

The Referrer-Policy header controls what referrer information is sent in the Referer header. Important for privacy and security.

Common values: no-referrer, same-origin, strict-origin-when-cross-origin, no-referrer-when-downgrade.

Recommended: strict-origin-when-cross-origin — prevents leaking URL paths to third-party sites while keeping analytics data.

Check if your website sends this header correctly

Check your headers →

Web Server Security Hardening Checklist: Nginx and Apache

Complete web server hardening checklist for nginx and Apache. File permissions, security headers, TLS configuration, access control, and monitoring.

Security Headers: The Complete Guide

Complete guide to HTTP security headers: CSP, HSTS, X-Frame-Options, Permissions-Policy, CORP, COEP. Configuration and examples.

Analyzing Server Response Headers: What They Reveal About a Website

A detailed guide to HTTP headers: Cache-Control, ETag, Server, CORS, and security headers. How to read and optimize response headers.

Related Headers

Content-Security-Policy

Controls which resources the browser is allowed to load for a page, helping prevent XSS and data injection attacks.

Cross-Origin-Opener-Policy

Isolates the browsing context to prevent cross-origin attacks like Spectre from accessing sensitive data.

Cross-Origin-Resource-Policy

Restricts which origins can load a resource, preventing unauthorized cross-origin reads.

Permissions-Policy

Controls which browser features and APIs can be used on the page, such as camera, microphone, and geolocation.

Strict-Transport-Security

Instructs browsers to only access the site via HTTPS, protecting against protocol downgrade attacks and cookie hijacking.

X-Content-Type-Options

Prevents browsers from MIME-sniffing the content type, reducing the risk of drive-by downloads and XSS attacks.

Related guides

Longer-form reading on this topic from the knowledge base.

→ How to Debug nginx Errors — 2026
→ LRU Cache — Least Recently Used
→ RAG (Retrieval-Augmented Generation)

Automate this check

Set up continuous monitoring and get an alert when something breaks. No manual runs to remember.

Start free

HTTP

Start monitoring for free

Create Account API Documentation

Weekly KB digest 10+ new pages a week — SSL errors, ports, glossary, how-tos. No spam.

Website

enterno.io

Website monitoring and analysis tools

SITE AUDIT HTTP Headers Advanced Health Score PageSpeed Security SEO Audit Redirect Chain Broken Links HTTP/2 & HTTP/3 HAR Analyzer HTTP Status Code Checker HTTP Compare

DNS & DOMAIN DNS Lookup DNS Propagation MX Lookup WHOIS Subdomains Reverse IP CMS Detector Tech Stack Detector Screenshot NETWORK & IP Ping Traceroute IP Geolocation ASN Lookup Online Port Scanner API Latency

SECURITY SSL Check CSP CORS Cookie Mixed Content Malware Spam Lists IP Abuse Check RKN Check EMAIL Email Deliverability Email Headers SMTP Relay Test DKIM Generator

SEO & AI Schema Checker OG Preview Keywords Robots.txt Compare Sites AI Readiness llms.txt Carbon DEV TOOLS Formatter JWT Decoder Cron Tester TTL Calculator IP/CIDR Calculator Uptime / SLA Calculator Downtime Cost Batch Heartbeat

ABOUT About us All Tools Pricing API Documentation MCP Server (Claude Desktop) Articles Help Comparisons Referral Program Contact HTTP Headers Reference HTTP Status Codes SSL Errors TCP/UDP Ports Glossary How-to Guides Research Alternatives

4 769 checks total · 27 active monitors · 17 verified users

PHP 8.4 · Hosted on Selectel

Referrer-Policy

Syntax

Example

Description

Related Articles

Related Headers

Related guides

Automate this check

Related Articles

Server-Sent Events vs WebSockets: Choosing Real-Time Communication

HTTP 404 Not Found Error: 7 Causes and How to Fix

The Complete HTTP Request Lifecycle: From URL to Rendered Page

Start monitoring for free