Loadingβ¦
Control how much referrer information your site leaks to other sites.
By default, browsers may send the full URL (including paths and query strings that can contain sensitive data) to other sites when users click outbound links. A Referrer-Policy limits that leakage while keeping useful analytics referrer data.
strict-origin-when-cross-origin is the recommended default β full URL same-origin, only the origin cross-origin, nothing on downgrade.# No Referrer-Policy β full URL leaked cross-originReferrer-Policy: strict-origin-when-cross-originAdd via a security-headers plugin or .htaccess.
Add under headers() in next.config.js.
Run a free audit and get a prioritized fix list with auto-generated code.
Run a free audit