
Referer and Referrer Policy

Explore how the Referer header works and the role of Referrer Policy in protecting sensitive data in URLs. Understand different policy settings and how to implement them securely using Helmet in Node.js applications.

When users browse through web pages, the browser may set a request header called Referer under certain conditions. Back-end servers often use this Referer header to track where visitors came from, for analytics and other purposes.

How does the Referer header look in an HTTP request, though?

If we were to search for “wikipedia” on Google and click on the Wikipedia search result, we would see the Referer header set as such:

Figure 1-3: DevTools showing the Referer header set from a web page

What if a web page stored sensitive information in its URL, such as an account ID in the path or query string? If a link on that page is then visited and the browser sets the Referer header as it normally would, that sensitive information leaks to the destination server.

This is where the Referrer Policy header comes in. This header, when set by a web ...