Try for Free
Advertisement
  1. SEJ
  2.  » 
  3. News

Chrome 85 Will Set Website Referrer Headers if Missing

Chrome 85 will automatically decide referrer information sent for sites that do not set a referrer (referer) header.

Chrome 85 Will Set Website Referrer Headers if Missing
Advertisement

Beginning in Chrome 85, Chrome will check if there’s a referrer security header. If none is present, Chrome will automatically default to a strict header. Publishers who need the full URL to be passed will need to add a referer security header in order to continue doing so.

Referer (sic) Security Header

The referer security header (yes, the misspelling is correct) controls what URL is sent from the origin site to the destination of a link.

There are several different referrer headers.

Two main kinds of referrer headers are called:

  1. strict-origin-when-cross-origin
  2. no-referrer-when-downgrade

There are other headers to choose from, but the above two are popular choices.

There are other headers that are stricter and less strict. But the above two are fairly appropriate for most sites.

What is Strict Origin When Cross Origin?

strict-origin-when-cross-origin will only pass your domain name to the destination site but not the entire URL of your web page. Additionally, the link will not pass any origin URL information at all if the link is insecure (HTTP).

This is a useful security setting because there are times when private user information is embedded in the URL string. By using this security header, any sensitive information that is embedded in the URL string will be hidden.

What is No Referrer When Downgrade?

The no-referrer-when-downgrade referer security header will pass your entire URL, including the web page URL, to the destination page. However it will not send any URL information if the link is to an insecure URL.

Advertisement
Continue Reading Below

No-referrer-when-downgrade is useful because it will keep data from being leaked through an insecure link but it will still show the full URL of the referring site. This is useful for edge cases where there is a reason you need to pass the full web page URL.

Chrome 85 Default Referrer Setting

Beginning in Chrome 85, which is scheduled for release in August 2020, any site that does not have a referer security header will be upgraded to strict-origin-when-cross-origin. This will improve security for Chrome browser users as well as improve security for sites that do not have a referer security header.

Citation

A New Default Referrer-Policy for Chrome: Strict-Origin-When-Cross-Origin

More Resources:

ADVERTISEMENT

Subscribe to SEJ

Get our daily newsletter from SEJ's Founder Loren Baker about the latest news in the industry!

Ebook

Roger Montti

Roger Montti is a search marketer with 20 years experience. He provides site audits, phone consultations and content and link ... [Read full bio]

ADVERTISEMENT
Advertisement
Read the Next Article
Read the Next