How to prevent Referer leakage

Noreferer link attribute

If you specify an attribute for the link, rel="noreferrer", web browser will not pass Referer header in the HTTP request.

<a href="http://third.party/url" rel="noreferer">Click</a>

But the Referer header will be sent in process of resources downloading from external websites, such as images or videos.

<img href="http://external.tld/image.png" />

Sorry, but this is part of
Web-security course

Web-security course

  • Actual web attacks with examples
  • A wrong ways of preventing attacks
  • Security methods guaranties elimination of attacks
  • Quizzes for the material fixation

  Quiz →