Looking to control the Referrer-Policy of your site? It brings certain privacy and security benefits. However, not all options are supported by all browsers, so review your requirements before implementing it.
Referrer-Policy supports the following values.
| Value | Description |
|---|---|
| no-referrer | Referrer information will not be sent with the request. |
| no-referrer-when-downgrade | The default setting, where the referrer is sent to the same protocol, as in HTTP to HTTP or HTTPS to HTTPS. |
| unsafe-url | The full URL will be sent with the request. |
| same-origin | The referrer will be sent only to same-origin sites. |
| strict-origin | Sent only when the protocol is HTTPS. |
| strict-origin-when-cross-origin | The full URL will be sent over a strict protocol like HTTPS. |
| origin | Sends the origin URL in all requests. |
| origin-when-cross-origin | Sends the full URL on the same origin; sends only the origin URL in other cases. |
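To see what each value actually discloses, the following added example (not code from the original page) computes the Referer a browser would send for a given navigation, following the definitions in the W3C Referrer Policy specification. The URLs are constructed samples, and "downgrade" is simplified here to HTTPS source with a non-HTTPS target.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def _origin(url):
    """(scheme, host, port) tuple used for the same-origin comparison."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))

def _origin_only(url):
    """Origin form of the referrer: scheme://host[:port]/ with no path or query."""
    u = urlsplit(url)
    host = u.hostname
    if u.port and u.port != DEFAULT_PORTS.get(u.scheme):
        host = f"{host}:{u.port}"
    return f"{u.scheme}://{host}/"

def _full(url):
    """Full referrer: path and query kept, credentials and fragment stripped."""
    u = urlsplit(url)
    query = f"?{u.query}" if u.query else ""
    return _origin_only(url).rstrip("/") + (u.path or "/") + query

def referrer_sent(policy, source, target):
    """Return the Referer value sent for source -> target, or None if omitted."""
    same = _origin(source) == _origin(target)
    # Simplification (assumption): downgrade means HTTPS page, non-HTTPS target.
    downgrade = (urlsplit(source).scheme == "https"
                 and urlsplit(target).scheme != "https")
    if policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return _full(source)
    if policy == "origin":
        return _origin_only(source)
    if policy == "same-origin":
        return _full(source) if same else None
    if policy == "origin-when-cross-origin":
        return _full(source) if same else _origin_only(source)
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else _full(source)
    if policy == "strict-origin":
        return None if downgrade else _origin_only(source)
    if policy == "strict-origin-when-cross-origin":
        if same:
            return _full(source)
        return None if downgrade else _origin_only(source)
    raise ValueError(f"unknown Referrer-Policy value: {policy}")

# Constructed sample: a page whose URL carries a session token in the query.
PAGE = "https://shop.example/cart?session=abc123#pay"
```

Calling `referrer_sent("unsafe-url", PAGE, "http://legacy.example/")` shows the session token leaving the site over plain HTTP, which is why that value is rarely appropriate.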
On Apache, you can add the following if you want to set no-referrer.
Header set Referrer-Policy "no-referrer"
After the restart, you should see the Referrer-Policy header in the response headers.
On Nginx, let's say you need to implement same-origin; add the following.
add_header Referrer-Policy same-origin;
Once configured, the response headers should include the Referrer-Policy header.