What is referrer-policy?
The referrer-policy npm package is used to set the Referrer-Policy HTTP header in web applications. This header controls how much referrer information is included with requests made from your site.
What are referrer-policy's main functionalities?
Set Referrer-Policy Header
This feature allows you to set the Referrer-Policy header for your web application. In this example, the policy is set to 'no-referrer', which means that the Referer header will be omitted entirely.
const referrerPolicy = require('referrer-policy');
const express = require('express');
const app = express();

app.use(referrerPolicy({ policy: 'no-referrer' }));

app.get('/', (req, res) => {
  res.send('Referrer-Policy is set to no-referrer');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
Multiple Policy Options
This feature allows you to choose from multiple policy options for the Referrer-Policy header. In this example, the policy is set to 'strict-origin-when-cross-origin', which means that full URL referrer information is sent for same-origin requests, but only the origin is sent for cross-origin requests.
const referrerPolicy = require('referrer-policy');
const express = require('express');
const app = express();

app.use(referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));

app.get('/', (req, res) => {
  res.send('Referrer-Policy is set to strict-origin-when-cross-origin');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
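To compare the policy options by what they expose, the following added example (not part of the referrer-policy package or its documentation) computes the Referer value a browser would derive under each of the eight policy values, going beyond the single policy shown above. It simplifies the Referrer Policy spec to http/https URLs; the function names and sample URLs are constructed for illustration.

```javascript
// Simplified from the Referrer Policy spec: http/https only, and "downgrade"
// is treated as https -> non-https (an assumption of this example).

// Strip credentials and fragment; optionally reduce the URL to its origin.
function strip(url, originOnly) {
  const u = new URL(url);
  if (originOnly) return u.origin + '/';
  u.username = ''; u.password = ''; u.hash = '';
  return u.href;
}

// Returns the Referer header value, or null when the header is omitted.
function computeReferer(policy, from, to) {
  const src = new URL(from), dst = new URL(to);
  const sameOrigin = src.origin === dst.origin;
  const downgrade = src.protocol === 'https:' && dst.protocol !== 'https:';
  switch (policy) {
    case 'no-referrer': return null;
    case 'no-referrer-when-downgrade': return downgrade ? null : strip(from, false);
    case 'same-origin': return sameOrigin ? strip(from, false) : null;
    case 'origin': return strip(from, true);
    case 'strict-origin': return downgrade ? null : strip(from, true);
    case 'origin-when-cross-origin': return strip(from, !sameOrigin);
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return strip(from, false);
      return downgrade ? null : strip(from, true);
    case 'unsafe-url': return strip(from, false);
    default: throw new Error('unknown policy: ' + policy);
  }
}

// Constructed sample: a page whose URL carries a secret in the query string.
const page = 'https://app.example/reset?token=s3cr3t#form';
const targets = {
  'same-origin': 'https://app.example/help',
  'cross-origin': 'https://cdn.example/lib.js',
  'downgrade': 'http://legacy.example/img.png',
};
const policies = ['no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin',
  'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin', 'unsafe-url'];

// Build a policy -> destination kind -> Referer table for review.
function leakTable() {
  const rows = {};
  for (const p of policies) {
    rows[p] = {};
    for (const [kind, to] of Object.entries(targets)) rows[p][kind] = computeReferer(p, page, to);
  }
  return rows;
}
console.table(leakTable());
```

Rows where the full URL, including the query-string token, appears in the cross-origin or downgrade column identify the policies that would hand that token to a third party.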
Other packages similar to referrer-policy
helmet
Helmet is a collection of 15 smaller middleware functions that set various HTTP headers to help secure your Express.js app. One of these middleware functions is `helmet.referrerPolicy()`, which can be used to set the Referrer-Policy header. Helmet provides a more comprehensive security solution compared to referrer-policy, as it includes additional protections like Content Security Policy, XSS Filter, and more.
Referrer Policy
The Referer HTTP header is typically set by web browsers to tell the server where it's coming from. For example, if you click a link on example.com/index.html that takes you to wikipedia.org, Wikipedia's servers will see Referer: example.com. This can have privacy implications—websites can see where you are coming from. The new Referrer-Policy HTTP header lets authors control how browsers set the Referer header.
Read the spec to see the options you can provide.
Usage:
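var express = require('express')
var referrerPolicy = require('referrer-policy')
var app = express()

// Alternative configurations; use one of these.
app.use(referrerPolicy({ policy: 'same-origin' }))  // Referrer-Policy: same-origin
app.use(referrerPolicy({ policy: 'unsafe-url' }))   // Referrer-Policy: unsafe-url
app.use(referrerPolicy())                           // Referrer-Policy: no-referrer (the default)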