HTTP/2 200
x-guploader-uploadid: ABgVH8-kSzhdC1ZxXeXSAFBPtrO7puDvuG_L_B-M0rxKeIhRDzTyIzJtfqAQQoPpRWallv6U
x-goog-generation: 1752626726396070
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 75463
x-goog-meta-goog-reserved-file-mtime: 1752625549
x-goog-hash: crc32c=KBlCpg==, md5=2Tlx3pKKtT0QD93K3IBeAA==
x-goog-storage-class: STANDARD
accept-ranges: none
expires: Wed, 16 Jul 2025 22:20:44 GMT
cache-control: public, max-age=3600
last-modified: Wed, 16 Jul 2025 00:45:26 GMT
etag: W/"d93971de928ab53d100fddcadc805e00"
content-type: text/html
age: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
alt-svc: clear
x-content-type-options: nosniff
strict-transport-security: max-age=63072000
content-security-policy: default-src 'self'; script-src 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik=' 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M='; script-src-elem 'report-sample' 'self' 'wasm-unsafe-eval' https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/js assets.codepen.io production-assets.codepen.io https://js.stripe.com 'sha256-EehWlTYp7Bqy57gDeQttaWKp0ukTTEUKGP44h8GVeik=' 'sha256-XNBp89FG76amD8BqrJzyflxOF9PaWPqPqvJfKZPCv7M='; style-src 'report-sample' 'self' 'unsafe-inline'; object-src 'none'; base-uri 'self'; connect-src 'self' developer.allizom.org bcd.developer.allizom.org bcd.developer.mozilla.org updates.developer.allizom.org updates.developer.mozilla.org https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://incoming.telemetry.mozilla.org https://observatory-api.mdn.allizom.net https://observatory-api.mdn.mozilla.net https://api.github.com/search/issues stats.g.doubleclick.net https://api.stripe.com; font-src 'self'; frame-src 'self' interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net mdn.github.io live-samples.mdn.mozilla.net live-samples.mdn.allizom.net *.mdnplay.dev *.mdnyalp.dev *.play.test.mdn.allizom.net https://v2.scrimba.com https://scrimba.com jsfiddle.net www.youtube-nocookie.com codepen.io survey.alchemer.com https://js.stripe.com; img-src 'self' data: *.githubusercontent.com *.googleusercontent.com *.gravatar.com mozillausercontent.com firefoxusercontent.com profile.stage.mozaws.net profile.accounts.firefox.com developer.mozilla.org mdn.dev interactive-examples.mdn.mozilla.net interactive-examples.mdn.allizom.net wikipedia.org upload.wikimedia.org https://mdn.github.io/shared-assets/ https://mdn.dev/ https://*.google-analytics.com https://*.googletagmanager.com www.gstatic.com; manifest-src 'self'; media-src 'self' archive.org videos.cdn.mozilla.net https://mdn.github.io/shared-assets/; child-src 'self'; worker-src 'self';
x-frame-options: DENY
origin-trial: AxVILwizhbMjxFeHOn1P3R8niO1RJY/smaK4B4d1rLzc1gTaxtXMSaTi+FoigYgCw40uFRDwFcEAeqDR+vVLOW4AAABfeyJvcmlnaW4iOiJodHRwczovL2RldmVsb3Blci5tb3ppbGxhLm9yZyIsImZlYXR1cmUiOiJQcml2YXRlQXR0cmlidXRpb25WMiIsImV4cGlyeSI6MTc0MjA3OTYwMH0=
x-cloud-trace-context: d31e0eff0ce56d0cfb754e13d28e6f7a
date: Wed, 16 Jul 2025 21:20:44 GMT
server: Google Frontend
via: 1.1 google
vary: Accept-Encoding
content-encoding: gzip
x-cache: miss
HTMLLinkElement: referrerPolicy property - Web APIs | MDN
HTMLLinkElement: referrerPolicy property Baseline Widely available *
The referrerPolicyHTMLLinkElementreferrerpolicy<link>
See the HTTP Referrer-Policy
A string; one of the following:
no-referrer
The Referer
no-referrer-when-downgrade
The URL is sent
as a referrer when the protocol security level stays the same (e.g.HTTP→HTTP,
HTTPS→HTTPS), but isn't sent to a less secure destination (e.g., HTTPS→HTTP).
origin
Only send the origin of the document as the referrer in all cases.
The document https://example.com/page.html will send the referrer
https://example.com/.
origin-when-cross-origin
Send a full URL when performing a same-origin request, but only send the origin of
the document for other cases.
same-origin
A referrer will be sent for same-site origins , but
cross-origin requests will contain no referrer information.
strict-origin
Only send the origin of the document as the referrer when the protocol security
level stays the same (e.g., HTTPS→HTTPS), but don't send it to a less secure
destination (e.g., HTTPS→HTTP).
strict-origin-when-cross-origin (default)
This is the user agent's default behavior if no policy is specified. Send a full URL when performing a same-origin request, only send the origin when the
protocol security level stays the same (e.g., HTTPS→HTTPS), and send no header to a
less secure destination (e.g., HTTPS→HTTP).
unsafe-url
Send a full URL when performing a same-origin or cross-origin request. This policy
will leak origins and paths from TLS-protected resources to insecure origins.
Carefully consider the impact of this setting.
const links = document.getElementsByTagName("link");
links[0].referrerPolicy; // "no-referrer"
