Skip to content
Middleware to set the Referrer-Policy HTTP header
TypeScript
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
test Use eslint-config-helmet May 4, 2019
.eslintignore Use eslint-config-helmet May 4, 2019
.eslintrc.json Use eslint-config-helmet May 4, 2019
.gitignore
.travis.yml Stop testing on Node 4, start testing on Node 10 Feb 7, 2019
CHANGELOG.md Update readme to add example for setting multiple values May 3, 2019
LICENSE
README.md Update readme to add example for setting multiple values May 3, 2019
index.ts Use eslint-config-helmet May 4, 2019
package-lock.json Update devDependencies to latest versions Dec 28, 2019
package.json Update devDependencies to latest versions Dec 28, 2019
tsconfig.json Remove source maps May 3, 2019

README.md

Referrer Policy

Build Status

The Referer HTTP header is typically set by web browsers to tell the server where it's coming from. For example, if you click a link on example.com/index.html that takes you to wikipedia.org, Wikipedia's servers will see Referer: example.com. This can have privacy implications—websites can see where you are coming from. The new Referrer-Policy HTTP header lets authors control how browsers set the Referer header.

Read the spec to see the options you can provide.

Usage:

const referrerPolicy = require('referrer-policy')

app.use(referrerPolicy({ policy: 'same-origin' }))
// Referrer-Policy: same-origin

app.use(referrerPolicy({ policy: 'unsafe-url' }))
// Referrer-Policy: unsafe-url

app.use(referrerPolicy({
  policy: ['no-referrer', 'unsafe-url']
}))
// Referrer-Policy: no-referrer,unsafe-url

app.use(referrerPolicy())
// Referrer-Policy: no-referrer
You can’t perform that action at this time.