Referrer is basically optional though, you can specify a link to have no referrer : `<a href="example.com" rel="noreferrer">link</a>` , among other ways.
It's true that the links only increase the revenue/traffic to their website though, so they should really be supporting the referrers rather than blocking them.
> you can specify a link to have no referrer : `<a href="example.com" rel="noreferrer">link</a>` , among other ways.
But you wouldn't do that if you want the link to resolve. If you don't want it to work, why would you go to all of the trouble of creating the link in the first place?
There are options to control the referrer in various places, but it is still included by default. The only situation I can think of where its blocked by default is when navigating from https to http.
I didn't realise I missed a point to address, I'll seek to clarify.
It's always the user's choice as to whether to send referrers or not, as the referrer is actually added by the user's web browser itself. Extensions exist for just about every major web browser[1][2][...] to modify the behaviour of the HTTP Referrer field. If you don't like the idea of sending referrers, it's entirely within your control to never send a single referrer.
In almost all cases, disabling the referrer entirely won't result in any broken behaviour, primarily as the HTTP Referrer is unreliable and can be spoofed anyway.
If a user doesn't want to send the referrer when there is no referrer, no referrer should be sent. This then allows sites to distinguish between direct traffic from users that don't block referrers and traffic with blocked referrers. I wouldn't expect this to be a significant concern, because the volume of actual direct traffic is not very large.
The real shame is why the linked page even gets referral information at all (and why we cannot disable it on a browser)...
I'd love to have a browser setting to just completely disable "Referer:" headers and blank out `document.referrer`. Like, clearly hosts can control referral information to high granularity (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...) but why can't users... (actually apparently you can set this for Firefox)
Yes. Which is another reason to disable referers in the browser. (There are extensions to toggle them on/off quickly, in the rare event that a website doesn't work properly.)
For remote links, you should add rel=noopener as well, to prevent reverse tabnapping.
Combined with rel=noreferrer, that’ll be rel="noopener noreferrer".
Update: sorry, this is not necessary. noreferrer implies noopener (https://html.spec.whatwg.org/multipage/links.html#link-type-...). But while a Referrer-Policy of no-referrer renders rel=noreferrer unnecessary, you still want rel=noopener, so you might as well go with rel=noreferrer. referrerpolicy=no-referrer is superfluous in this location.
Referrers are useful and can be a friendly, automatic way of letting someone know how you found their page. I've discovered many links to my pages on other websites, and whole articles discussing my articles, through referrers. Since none of the other pinging mechanisms ever gained universal traction, it's the best thing we have, and I'm sorry that it's all but disappeared. And I remember how amazed I was to discover the existence of "referrer spam" years ago.
You can block referrers in a number of ways whenever you'd like, for example with a simple bookmarklet:
It's true that the links only increase the revenue/traffic to their website though, so they should really be supporting the referrers rather than blocking them.
reply