Skip to main content

删除HTTP请求头中的 referrer

· 2 min read

删除HTTP请求头中的 Referer,能解决部分防盗链问题。

在页面的 head 里添加以下代码即可删除Referer请求头:

<meta name="referrer" content="no-referrer" />



<img referrerpolicy="no-referrer|origin|unsafe-url" src="image link"/>

<!-- 比如 -->
<img referrerpolicy="no-referrer" src="" />

参考文档 HTMLImageElement: referrerPolicy property

其他有效 meta 选项如下:

<meta name="referrer" content="unsafe-url" />
<meta name="referrer" content="origin" />
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="referrer" content="origin-when-cross-origin" />

Also note that browsers now send the Origin header (with CORS requests and POST requests, see here: ) which includes domain and port, and, as far as I know, cannot be removed. If you use <meta name="referrer" content="origin" /> the referrer will contain similar information to the Origin header, which is already good from a privacy point of view, since it will hide the exact page the user is in.


If you want to remove the referrer by using JavaScript only, you may add the appropriate meta tag dynamically just before making the Ajax request. This JavaScript will add <meta name="referrer" content="no-referrer" /> to head section of the web page:

var meta = document.createElement('meta'); = "referrer";
meta.content = "no-referrer";

原文 - Remove http referer


除了指定 referrerPolicy 策略的形式去掉请求头里的 referrer 的方式, 还可以借助第三方中转服务:

  • WordPress:图片地址1 (图片地址要掉 https://)
  • 百度 1:图片地址
  • 百度 2:图片地址 (图片地址要去掉 https://)


<img referrerpolicy="no-referrer" src=""  />