Removing the Referer from HTTP Request Headers


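Removing the Referer header from HTTP requests can work around some hotlink-protection problems.

Add the following to the page's head to remove the Referer request header: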

<meta name="referrer" content="no-referrer" />



<img referrerpolicy="no-referrer|origin|unsafe-url" src="image link"/>

<!-- For example -->
<img src="" referrerpolicy="no-referrer">

Other valid meta options are:

<meta name="referrer" content="unsafe-url" />
<meta name="referrer" content="origin" />
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="referrer" content="origin-when-cross-origin" />

Also note that browsers now send the Origin header (with CORS requests and POST requests, see here: ) which includes domain and port, and, as far as I know, cannot be removed. If you use <meta name="referrer" content="origin" /> the referrer will contain similar information to the Origin header, which is already good from a privacy point of view, since it will hide the exact page the user is in.
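What each policy value puts in the Referer header, as an added example that is not from the original post: it follows the Referrer Policy rules for the values listed above and goes beyond them to cover same-origin, strict-origin and strict-origin-when-cross-origin. The function names and the sample URLs are constructed for illustration, and "secure" is approximated as https:/wss: only.

```javascript
// Added example: model the Referer value a browser sends under a referrer policy.
// Assumption: a "trustworthy" URL is approximated as https: or wss: only.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  // Pages on local schemes (about:, data:, blob:) never send a Referer.
  if (!['http:', 'https:'].includes(u.protocol)) return null;
  u.username = '';   // credentials are never sent
  u.password = '';
  u.hash = '';       // the fragment is never sent
  if (originOnly) { u.pathname = '/'; u.search = ''; }
  return u.href;
}

function computeReferer(policy, pageUrl, targetUrl) {
  const full = stripForReferrer(pageUrl, false);
  if (full === null) return null;
  const origin = stripForReferrer(pageUrl, true);
  const sameOrigin = new URL(pageUrl).origin === new URL(targetUrl).origin;
  const secure = (u) => ['https:', 'wss:'].includes(new URL(u).protocol);
  const downgrade = secure(pageUrl) && !secure(targetUrl);
  switch (policy) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return origin;
    case 'origin-when-cross-origin': return sameOrigin ? full : origin;
    case 'same-origin': return sameOrigin ? full : null;
    case 'strict-origin': return downgrade ? null : origin;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default: throw new Error('unknown referrer policy: ' + policy);
  }
}

// Constructed sample: a page URL carrying an order id, loading a third-party image.
const PAGE = 'https://user:pw@shop.example/account/orders?id=1337#top';
const IMG_HTTPS = 'https://cdn.example/img.png';
const IMG_HTTP = 'http://cdn.example/img.png';

for (const p of ['no-referrer', 'origin', 'origin-when-cross-origin',
                 'no-referrer-when-downgrade', 'unsafe-url']) {
  console.log(p.padEnd(28), '->', computeReferer(p, PAGE, IMG_HTTPS),
              '| over http:', computeReferer(p, PAGE, IMG_HTTP));
}
```

Only unsafe-url sends the full path and query string to the image host over plain HTTP; no-referrer-when-downgrade sends it to any HTTPS third party.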


If you want to remove the referrer by using JavaScript only, you may add the appropriate meta tag dynamically just before making the Ajax request. This JavaScript will add <meta name="referrer" content="no-referrer" /> to the head section of the web page:

var meta = document.createElement('meta');
meta.name = "referrer";
meta.content = "no-referrer";
document.head.appendChild(meta); // attach the tag so the policy takes effect

Original: Remove http referer