I have a page where I don't want the outbound links to send a referrer so the destination site doesn't know where they came from.
Maybe some clever HTTP status code redirecting kung-fu?
Something like this would be perfect
<a href="example.com" send_referrer="false">link</a>
I was looking for just the same thing, and it seems like this will be a feature of HTML5.
The tag you are looking for is
For anyone who's visiting in 2015 and beyond, there's now a proper solution gaining support.
The HTTP Referrer Policy spec lets you control referrer-sending for links and subresources (images, scripts, stylesheets, etc.) and, at the moment, it's supported on Firefox, Chrome, Opera, and Desktop Safari 11.1.
Edge, IE11, iOS Safari, and desktop versions of Safari prior to 11.1 support an older version of the spec with
default as the options.
According to the spec, these can be supported by specifying multiple policy values. Unrecognized ones will be ignored and the last recognized one will win.
<meta name="referrer" content="never"> <meta name="referrer" content="no-referrer">
Also, if you want to apply it to
video tags which require a
crossorigin attribute, prefer
crossorigin="anonymous" where possible, so that only the absolute minimum (the
Origin header) will be shared.
(You can't get rid of the
Origin header while using CORS because the remote sites need to know what domain is making the request in order to allow or deny it.)
HTML 5 includes
rel="noreferrer", which is supported in all major browsers. So for these browsers, you can simply write:
<a href="example.com" rel="noreferrer">link</a>
There's also a shim available for other browsers: https://github.com/knu/noreferrer
<a href='data:text/html;charset=utf-8, <html><meta http-equiv="refresh" content="0;URL='http://google.com/'"></html>'>Link</a>
I was trying to figure this out too.
The solution I thought of was to use a data url to hide the actual page I am coming from.
<a href='data:text/html;charset=utf-8, <html><script>window.location = "http://google.ca";</script></html>'>Link</a>
In addition to the information already provided. Lots more information on the topic here: https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer
Specifically allowing you to either send or not send referral information if you need different rules for same-origin or cross-origin requests.
©2020 All rights reserved.