Feature Summary: While the HTTP Referer header can be suppressed for links with the noreferrer link type, authors might wish to control its content more directly for a number of reasons: * Privacy - stripping the path or blocking referrer entirely on outbound links * Efficiency - referrer can be manipulated via redirect tricks, but that causes extra web requests * HTTPS sites might wish to send a referrer to HTTP sites for accounting or track-backs Using a meta tag, sites can specify a Referrer Policy that dictates how much of the URL is sent as the HTTP Referer header on subresource and outbound links, and also in which cases it is sent. See the draft spec for details.
Status: * Owen Chu started implementing this two years ago, and we gradually ended up with a working implementation that landed 11/18/2014. * Most of the code used by the meta referrer feature is also used for Content Security Policy's "referrer" directive. * Due to oversight, this landed without an "intent to implement". * One bug (1113431) was reported recently and blocks shipping this feature, but we anticipate fixing it quickly. * The feature is currently on the 37 train, and I'd like to ship it with Firefox 37. Draft Spec: https://w3c.github.io/webappsec/specs/referrer-policy/ Main Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=704320 Note from Spec Editor: https://bugzilla.mozilla.org/show_bug.cgi?id=1113431#c29 UAs supporting this: Chrome, Safari Sites requesting: Facebook, Yahoo, Google want this Intended Platform Coverage: all gecko-based platforms If anyone has concerns or considerations that need addressing before we ship meta referrer, please let us know! -Sid _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
