Package detail

referrer-policy

helmetjs1.9mMIT1.2.0

Middleware to set the Referrer-Policy HTTP header

helmet, security, express, connect, referer, referrer, privacy

readme

Referrer Policy

The Referer HTTP header is typically set by web browsers to tell the server where it's coming from. For example, if you click a link on example.com/index.html that takes you to wikipedia.org, Wikipedia's servers will see Referer: example.com. This can have privacy implications—websites can see where you are coming from. The new Referrer-Policy HTTP header lets authors control how browsers set the Referer header.

Read the spec to see the options you can provide.

Usage:

const referrerPolicy = require('referrer-policy')

app.use(referrerPolicy({ policy: 'same-origin' }))
// Referrer-Policy: same-origin

app.use(referrerPolicy({ policy: 'unsafe-url' }))
// Referrer-Policy: unsafe-url

app.use(referrerPolicy())
// Referrer-Policy: no-referrer

changelog

Changelog

1.2.0 - 2019-05-03

Added

Allow multiple values to be set. See #7
Added TypeScript type definitions. See helmetjs/helmet#188
Created a changelog

Changed

Updated documentation

Changes in versions 1.1.0 and below can be found in Helmet's changelog.