| HTTP |
|---|
 |
| Request methods |
| Header fields |
| Response status codes |
| Security access control methods |
| Security vulnerabilities |
In HTTP, "Referer" (a misspelling of "Referrer"[1]) is an optional HTTP header field that identifies the address of the web page (i.e., the URI or IRI) from which the resource has been requested. By checking the referrer, the server providing the new web page can see where the request originated.
In the most common situation, this means that when a user clicks a hyperlink in a web browser, causing the browser to send a request to the server holding the destination web page, the request may include the Referer field, which indicates the last page the user was on (the one where they clicked the link).
Web sites and web servers log the content of the received Referer field to identify the web page from which the user followed a link, for promotional or statistical purposes.[citation needed] This entails a loss of privacy for the user and may introduce a security risk.[2] To mitigate security risks, browsers have been steadily reducing the amount of information sent in Referer. As of March 2021, by default Chrome,[3] Chromium-based Edge, Firefox,[4] Safari[5] default to sending only the origin in cross-origin requests, stripping out everything but the domain name.
- ^ Cite error: The named reference
s3T5Awas invoked but never defined (see the help page). - ^ Cite error: The named reference
Leakwas invoked but never defined (see the help page). - ^ Cite error: The named reference
N9xNjwas invoked but never defined (see the help page). - ^ Cite error: The named reference
6l6drwas invoked but never defined (see the help page). - ^ Wilander, John (2019-12-10). "Preventing Tracking Prevention Tracking". WebKit blog.