konklone / oversight.garden

Bringing together the oversight community's work.
https://oversight.garden
Creative Commons Zero v1.0 Universal

Add Referrer-Policy header #166

Closed divergentdave closed 7 years ago

divergentdave commented 7 years ago

This will send only 'Referer: https://oversight.garden/' on browsers that support the strict-origin directive, and fall back to no referrer header at all for browsers that only support no-referrer.

Why not? I figure no one needs to know people's search terms on the site.

konklone commented 7 years ago

I would prefer to send this only on search results, so that we can still show specific landing pages that are sending traffic to others.

konklone commented 7 years ago

Thank you for making the change! It looks great to me, please merge if the tests pass.

divergentdave commented 7 years ago

It isn't having any effect in local testing, I think. Going to grab a newer browser and poke at it some more.

divergentdave commented 7 years ago

I gave up on the header and did the same thing with meta tags instead. Browsers have supported the meta tag for longer, plus everyone who's anyone uses it.

konklone commented 7 years ago

Oh whoops, I could have told you that, as I did here: https://stackoverflow.com/a/40494373/16075

We updated the language at https://https.cio.gov/faq/#how-can-an-https-site-keep-sending-referrer-information-to-linked-http-sites%3f to recommend the <meta> tag version while noting that the header version exists but with much less user agent support.
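
The fallback described in the first comment, combined with the search-only scoping requested in the reply, shown as an added example that is not code from this pull request or the project. The header value, the `/search` path, the function names and the browser support lists are assumptions; the model relies on a browser applying the last policy token it recognises in the header.

```javascript
// Added example. Function names and the "/search" path are hypothetical.
// The header value is assumed; the thread does not quote the one the PR used.
const SEARCH_POLICY = "no-referrer, strict-origin";

// Server side: attach the policy only to search result pages, so other
// pages keep sending their full URL as a referrer to the sites they link to.
function referrerPolicyFor(requestUrl) {
  const { pathname } = new URL(requestUrl, "https://oversight.garden");
  return pathname === "/search" ? SEARCH_POLICY : null;
}

// Browser side: of the comma-separated tokens, the last one the browser
// recognises wins; unrecognised tokens are skipped.
function effectivePolicy(headerValue, supported, browserDefault) {
  let policy = browserDefault;
  for (const token of (headerValue || "").split(",")) {
    const t = token.trim().toLowerCase();
    if (supported.includes(t)) policy = t;
  }
  return policy;
}

// Referer value sent when navigating from `from` to `to` (null = no header).
// Models only the three policies this example needs.
function refererFor(policy, from, to) {
  const src = new URL(from), dst = new URL(to);
  const downgrade = src.protocol === "https:" && dst.protocol !== "https:";
  if (policy === "no-referrer" || downgrade) return null;
  if (policy === "strict-origin") return src.origin + "/";
  if (policy === "no-referrer-when-downgrade") {
    src.hash = ""; src.username = ""; src.password = "";
    return src.href;
  }
  throw new Error("policy not modelled: " + policy);
}

// Constructed sample navigation: a search page linking to another HTTPS site.
const page = "https://oversight.garden/search?query=sensitive+terms";
const link = "https://example.gov/report.pdf";
const browsers = { // constructed support lists
  newer: ["no-referrer", "no-referrer-when-downgrade", "strict-origin"],
  older: ["no-referrer", "no-referrer-when-downgrade"],
};
function demo(browser, url = page) {
  const header = referrerPolicyFor(url);
  const policy = effectivePolicy(header, browsers[browser], "no-referrer-when-downgrade");
  return refererFor(policy, url, link);
}
console.log(demo("newer"), demo("older"));
```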