Referer and Referrer Policy
This lesson will cover how to use the `Referrer-Policy` header in a web server's response to instruct the browser to securely set a `Referer` value when making requests off the page.
When users browse through web pages, the browser may set a request header called `Referer` under certain conditions. Back-end servers often use this `Referer` header to track user behavior for analytics and other purposes.
How does the `Referer` header look in an HTTP request, though?
If we were to search for “wikipedia” on Google and click on the Wikipedia search result, we would see the `Referer` header set as such:
What if a web page stored sensitive information in its URL, such as an account ID? If a link on that page is then visited and the browser sets the `Referer` header as it normally would, a leak of sensitive information could occur.
This is where the `Referrer-Policy` header comes in. This header, ...