What is referrer-policy?
The referrer-policy npm package is used to set the Referrer-Policy HTTP header in web applications. This header controls how much referrer information is included with requests made from your site.
What are referrer-policy's main functionalities?
Set Referrer-Policy Header
This feature allows you to set the Referrer-Policy header for your web application. In this example, the policy is set to 'no-referrer', which means that the Referer header will be omitted entirely.
const referrerPolicy = require('referrer-policy');
const express = require('express');
const app = express();
app.use(referrerPolicy({ policy: 'no-referrer' }));
app.get('/', (req, res) => {
  res.send('Referrer-Policy is set to no-referrer');
});
app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
Multiple Policy Options
This feature allows you to choose from multiple policy options for the Referrer-Policy header. In this example, the policy is set to 'strict-origin-when-cross-origin', which means that the full URL is sent as the referrer for same-origin requests, only the origin is sent for cross-origin requests, and no referrer is sent when the request goes from an HTTPS page to a less secure (HTTP) destination.
const referrerPolicy = require('referrer-policy');
const express = require('express');
const app = express();
app.use(referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
app.get('/', (req, res) => {
  res.send('Referrer-Policy is set to strict-origin-when-cross-origin');
});
app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
Other packages similar to referrer-policy
helmet
Helmet is a collection of 15 smaller middleware functions that set various HTTP headers to help secure your Express.js app. One of these middleware functions is `helmet.referrerPolicy()`, which can be used to set the Referrer-Policy header. Helmet provides a more comprehensive security solution compared to referrer-policy, as it includes additional protections like Content Security Policy, XSS Filter, and more.
Referrer Policy

The Referer HTTP header is typically set by web browsers to tell the server where it's coming from. For example, if you click a link on example.com/index.html that takes you to wikipedia.org, Wikipedia's servers will see Referer: example.com. This can have privacy implications: websites can see where you are coming from. The new Referrer-Policy HTTP header lets authors control how browsers set the Referer header.
Read the spec to see the options you can provide.
Usage:
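const express = require('express')
const referrerPolicy = require('referrer-policy')
const app = express()
// Each call below is an alternative; an app normally uses only one.
app.use(referrerPolicy({ policy: 'same-origin' })) // Sets "Referrer-Policy: same-origin".
app.use(referrerPolicy({ policy: 'unsafe-url' })) // Sets "Referrer-Policy: unsafe-url".
app.use(referrerPolicy()) // Sets "Referrer-Policy: no-referrer" (the default).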