Server

Description

The Referer request header

Technical Info

protocol: HTTP Header
type: Request Header
Mozilla link: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referer
RFC: RFC2068

Usage

The Referer header is generated by the Client.

Syntax

Referer = "Referer" ":" ( absoluteURI | relativeURI )

The Referer header is

Related Headers

The Host header is not directly related or dependent on any other header, although it does work with the request field.

Examples

Example Referer headers.

Referer: https://http-headers.com/request-headers.html
Referer: http://localhost:800/test.html
Referer: http://telephone-number-checker.co.uk/area-code/0208004/Geographic%20Number

The Referer[sic] header allows the Client to declare, for the benefit of the Origin Server amongst others, the URI of the resource from which the request was obtained. No referer will be sent for a resource directly accessed. That is, no referer will be sent for resources requested as a result of direct input. It is only provided when the resource is accessed from an existing resource held by the Client. In the event that a partial URI is provided, the server needs to interpret the URI relative to the request URI.

Security

A Client security issue exists in some use cases because the source link in a Referer may contain information that is otherwise private and would not be revealed. There are various options to address this situation:

  1. Anonymise external links via your server*. This requires some technical knowledge (so is not appropriate for all cases) but is the most comprehensive, globally supported way of achieving the desired outcome, as it does not rely on client software implementing other options correctly. This is sometimes called an "Exit Page" redirect.
  2. Add rel="noreferrer" to Anchor or AREA elements. This attribute is supported by the majority of HTML5 compliant browsers and ensures that the referer on specific links is not passed as part of the request. Using rel="noreferrer" means the referer is only blocked from interaction with specific click events.
  3. Alternatively, it is possible to define a referrerpolicy by placing a meta tag in the page's head. The <meta name="referrer" content="no-referrer"> tag defines a referrer policy telling the browser not to send a referer at all. This removes the need to specifically mark links in the way the rel="noreferrer" option does. Note that this standard has not been officially adopted; however, there is good support, at time of writing, by most mainstream browsers, as indicated by Can I use.

*We do not encourage the use of click anonymising services such as dereferer.me or anonym.to! It is possible for the operators of such a service to capture private or sensitive information during the course of their anonymising activities.
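
An added example, not code from this page: a sketch of the self-hosted "Exit Page" from option 1, in Python. The /exit path, the to and sig parameter names and the demo key are assumptions; links are HMAC-signed so the exit page only forwards to destinations the site itself emitted and cannot be used as an open redirect.

```python
import hashlib
import hmac
import html
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret, kept server-side


def _sign(target: str) -> str:
    return hmac.new(SECRET, target.encode(), hashlib.sha256).hexdigest()


def exit_link(target: str) -> str:
    """Build the href a page emits instead of linking to `target` directly."""
    return "/exit?" + urlencode({"to": target, "sig": _sign(target)})


def exit_page(query: str):
    """Handle GET /exit?<query>; return (status, headers, body)."""
    params = parse_qs(query)
    target = params.get("to", [""])[0]
    sig = params.get("sig", [""])[0]
    parts = urlsplit(target)
    # Forward only links this site signed, and only to http(s) hosts.
    signed = hmac.compare_digest(sig.encode(), _sign(target).encode())
    if not signed or parts.scheme not in ("http", "https") or not parts.netloc:
        return 400, {"Content-Type": "text/plain"}, "Bad exit link"
    safe = html.escape(target, quote=True)  # target lands in HTML attributes
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Referrer-Policy": "no-referrer",  # honoured by browsers that support it
        "Cache-Control": "no-store",
    }
    # A 200 page with a meta refresh starts a new navigation from /exit, so the
    # destination sees at most the exit page URL, never the private source URL.
    body = (
        '<!doctype html><meta name="referrer" content="no-referrer">'
        f'<meta http-equiv="refresh" content="0;url={safe}">'
        f'<a href="{safe}" rel="noreferrer">Continue</a>'
    )
    return 200, headers, body
```

The page is returned with status 200 rather than as a 3xx redirect so that the navigation to the destination originates from the exit page itself.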