Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Strip out referers from script src

Tags:

html

http-referer

referrer-policy

script-tag

I'm doing a remote script-src

<script src="http://thirdparty.com/test.js"></script>

I don't want to send my http referer headers to thirdparty.com. How do I do it?

like image 659
Alagu Avatar asked Aug 14 '13 19:08

Alagu

People also ask

How do I remove Referer?

Can be disabled via menu Tools > Preferences > Advanced > Network, and uncheck "Send referrer information".

How do I hide HTTP Referer?

You can check the browser support at “Can I use Referrer Policy”. To set all links on your website to omit the referral information, add the below <meta> tag to the <head> section of your website. There are various values you can set instead of “no-referrer” that might be better to use.

Can I change document referrer?

You can't, document. referrer is a read-only property, which value changes only when picking a link. If this picked link is on a security site, an empty string is assigned.

What is Referer header in HTTP request?

The Referer HTTP request header contains an absolute or partial address of the page that makes the request. The Referer header allows a server to identify a page where people are visiting it from. This data can be used for analytics, logging, optimized caching, and more.

3 Answers

The answers from 2013 are obsolete: you can do it by setting a referrer policy on your webpage. For example, if you have

<meta name="referrer" content="origin">

on your page, then any <script src="..."> resources fetched from that page (after that line) will send only the origin and not the full URL. Other options include "no-referrer".

See http://caniuse.com/#feat=referrer-policy for status of adoption by browsers: as of Sep 2016 it's supported by most major non-IE browsers. This older blog post on the Mozilla Security blog may be worth reading if you prefer not to read the standard.

like image 129
ShreevatsaR Avatar answered Oct 23 '22 02:10

ShreevatsaR

You would have to proxy the request for the script through your own server. For example:

<script src="stripreferrer.php?url=http%3A%2F%2Fthirdparty.com%2Ftest.js"></script>

Then, your server-side code would make the HTTP request sans referrer code, and pass the response to the client.

like image 6
Jacob Avatar answered Oct 23 '22 03:10

Jacob

This is part of the HTTP protocol. You cannot control this using HTML or JavaScript.

like image 1
Diodeus - James MacFarlane Avatar answered Oct 23 '22 02:10

Diodeus - James MacFarlane
Sign in to Comment

Related questions

"javascript:;" for href attribute in HTML anchor tag
How do i draw the content of DIV on html5 canvas using jquery
How to make textbox as not editable in asp.net(c#)
How to redirect html extension using htaccess?
jQuery mouse click counter
ASP.NET MVC 3 HiddenFor Javascript
CSS3 vs JavaScript: What is the advantage? [closed]
Show/Hide div element with one button
Greyed-out "waiting" page in Javascript? [duplicate]
Transform Property CSS3 scale but stick at bottom
Draw arc will linear gradient html5 canvas
If HTTP is Hyper Text Transfer Protocol, how can we upload documents and images? [closed]
Can I render a DT on the same line as its DD?
Active or Focus Effect on HTML< Ul> tag
jQuery fade not Animating Smoothly
continous speech recognition with Webkit speech api
How to link to specific line of text in page, using only URL?
Using node.js to serve up basic web page with CSS and JS includes
HREF to call a PHP function and pass a variable?
"Link to App Store" widget for mobile website

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!