- See if it works for your browser here: http://caniuse.com/#feat=referrer-policy
- See specs here: http://w3c.github.io/webappsec/specs/referrer-policy/
Also note that browsers now send the Origin header (with CORS requests and POST requests, see here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin ) which includes domain and port, and, as far as I know, cannot be removed. If you use
<meta name="referrer" content="origin" /> the referrer will contain similar information to the Origin header, which is already good from a privacy point of view, since it will hide the exact page the user is in.
<meta name="referrer" content="no-referrer" /> to head section of the web page: