I'm doing a remote script-src
<script src="http://thirdparty.com/test.js"></script>
I don't want to send my http referer headers to thirdparty.com. How do I do it?
I'm doing a remote script-src
<script src="http://thirdparty.com/test.js"></script>
I don't want to send my http referer headers to thirdparty.com. How do I do it?
You would have to proxy the request for the script through your own server. For example:
<script src="stripreferrer.php?url=http%3A%2F%2Fthirdparty.com%2Ftest.js"></script>
Then, your server-side code would make the HTTP request sans referrer code, and pass the response to the client.
The answers from 2013 are obsolete: you can do it by setting a referrer policy on your webpage. For example, if you have
<meta name="referrer" content="origin">
on your page, then any <script src="...">
resources fetched from that page (after that line) will send only the origin and not the full URL. Other options include "no-referrer".
See http://caniuse.com/#feat=referrer-policy for status of adoption by browsers: as of Sep 2016 it's supported by most major non-IE browsers. This older blog post on the Mozilla Security blog may be worth reading if you prefer not to read the standard.
You would have to proxy the request for the script through your own server. For example:
<script src="stripreferrer.php?url=http%3A%2F%2Fthirdparty.com%2Ftest.js"></script>
Then, your server-side code would make the HTTP request sans referrer code, and pass the response to the client.
This is part of the HTTP protocol. You cannot control this using HTML or JavaScript.
© 2022 - 2024 — McMap. All rights reserved.