Your browser tells every website you visit exactly where you came from. Every click, every link, every page navigation carries an invisible piece of data — the HTTP Referer header — that tracks your path across the web. Hiding this information is one of the most effective and underused privacy measures available to everyday internet users, developers, and businesses alike.
This guide covers every method for hiding referrer information — from simple browser settings to server-side headers, from browser extensions to dedicated link anonymisation tools — with practical instructions for each approach and guidance on when to use which method.
Why You Would Want to Hide Referrer Information
Personal privacy
When you click a link from a private forum, a medical website, a support group, or any sensitive context, the destination site learns where you came from. If the source URL reveals the nature of the page — a mental health support group, a legal advice forum, a political discussion board — you are involuntarily disclosing your interests and activities to every site you navigate to.
Search query privacy
Clicking search results sends your search terms to destination websites via the Referer header. A user who searches for "how to leave an abusive relationship" and clicks a result sends those exact search terms to that site and potentially to every third-party script running on it, including advertising networks that will use this information for ad targeting.
Protecting internal systems
When employees click external links from internal company systems — intranets, project management tools, internal documentation — the Referer header can reveal the existence and URL structure of those internal systems to external sites. This is both a privacy issue and a security concern.
Affiliate and business link protection
Marketers and affiliate publishers often do not want competitors to see which sites they are linking to or which campaigns they are running. Stripping referrer information from outbound links prevents reverse-engineering of marketing strategies through server-side Referer log analysis.
Preventing data aggregation
Advertising networks collect Referer data at enormous scale. Suppressing Referer headers is one of several techniques that, combined with tracker blocking and fingerprint resistance, substantially reduces the amount of data available for cross-site behavioural profiling.
Method 1: Use a Dereferer Tool
The simplest and most immediate way to hide referrer information for a specific link is to pass it through a dereferer — a service that strips the Referer header before forwarding the user to the destination.
The Anonymiz Dereferer works by routing the link through an intermediate page that sets a Referrer-Policy of no-referrer before redirecting. The destination site receives a request with no Referer header — it cannot tell where the click came from.
How to use it: paste any URL into the dereferer, get back a clean anonymous link. When someone clicks the anonymous link, they are forwarded to the destination with no Referer information transmitted.
Best for: sharing links in emails, forums, social media, or any context where you want the destination to receive clicks without knowing their origin. Also useful for affiliate marketers protecting commission links, researchers sharing sources without revealing methodology, and anyone sharing sensitive resources without creating a connection between the source and destination.
Method 2: Configure Your Browser
Most modern browsers allow you to control Referer behaviour through settings or configuration options.
Firefox
Firefox provides the most granular Referer control of any mainstream browser. In the address bar, type about:config and press Enter. Search for network.http.referer.defaultPolicy. The values correspond to different policies: 0 sends no Referer header ever, 1 sends only the origin, 2 is strict-origin-when-cross-origin (the default), 3 sends the full URL always.
Setting this to 1 or 2 provides significant privacy improvement. Setting it to 0 maximises privacy but may break some websites that depend on Referer for CSRF protection or access control.
Firefox also has network.http.referer.defaultPolicy.trackers which specifically controls Referer behaviour for known tracking domains — setting this to 0 suppresses Referer for trackers while maintaining it for regular sites.
Chrome and Chromium-based browsers
Chrome does not expose direct Referer control in its standard settings. The most practical approach for Chrome users is to install a browser extension that manages Referer headers, or to switch to Brave which provides built-in Referer controls.
Brave Browser
Brave's Shields feature includes Referer header control. In Brave settings under Shields, enable the option to randomise fingerprinting signals — this affects Referer along with canvas, WebGL, and other fingerprinting vectors. Brave's strict fingerprinting mode sets Referer to only send the origin, never the full path, for cross-origin requests.
Safari
Safari uses Intelligent Tracking Prevention (ITP) which, among other privacy measures, limits Referer headers in certain cross-site scenarios. Safari does not provide direct user control over Referer behaviour beyond its privacy settings, but ITP's automatic link decoration stripping and referrer downgrading provide meaningful protection.
Method 3: Browser Extensions
Several browser extensions specifically manage Referer headers, providing automatic protection without requiring manual configuration for each link.
uBlock Origin
uBlock Origin, primarily an ad and tracker blocker, can also strip Referer headers for cross-origin requests. In advanced mode, uBlock Origin allows per-domain rules that control whether Referer headers are sent to specific destinations. While not its primary function, it provides meaningful Referer control as part of a broader privacy setup.
Referer Control (Firefox)
A dedicated Firefox extension that provides granular control over Referer headers per domain. You can configure rules to remove Referer entirely, send only the origin, or send the full URL — with different rules for different destination domains. Useful for power users who want precise control rather than a blanket policy.
Smart Referer
Available for both Firefox and Chrome, Smart Referer automatically strips the Referer header when navigating to a different domain while leaving it intact for same-domain navigation. This is a sensible middle ground — you retain Referer for internal site navigation where it is legitimate and useful, while hiding it for all cross-site navigation where it is primarily a tracking vector.
Method 4: The Referrer-Policy HTTP Header (For Website Owners)
If you own a website, you can control what Referer information all links from your pages send to external destinations by setting the Referrer-Policy header in your server's HTTP responses.
The most privacy-protective option for most sites is no-referrer-when-cross-origin or same-origin. These settings ensure that users who click external links from your site do not expose where they came from to those external destinations.
In Apache, add to your .htaccess file: Header always set Referrer-Policy "no-referrer-when-cross-origin"
In Nginx, add to your server block: add_header Referrer-Policy "no-referrer-when-cross-origin";
In PHP, add before any output: header('Referrer-Policy: no-referrer-when-cross-origin');
You can also set the Referrer-Policy per-link using the HTML referrerpolicy attribute on individual anchor tags: <a href="https://external.com" referrerpolicy="no-referrer">Link</a>
Or set it for all links on a page using a meta tag in the head: <meta name="referrer" content="no-referrer-when-cross-origin">
Method 5: Use HTTPS Consistently
When navigating from an HTTPS page to an HTTP page, all modern browsers strip the Referer header entirely as a security measure — they do not transmit secure page URLs over unencrypted connections. This means that if your site uses HTTPS (which it should), any links from your pages to HTTP destinations will automatically have no Referer header.
However, this only helps with HTTPS-to-HTTP transitions, which are becoming rare as most sites now use HTTPS. For HTTPS-to-HTTPS navigation — the vast majority of modern web traffic — Referer headers are still sent according to the browser's default policy.
Method 6: Use a Privacy-Focused Browser
Some browsers are designed with privacy as a primary goal and include built-in Referer suppression as part of their default configuration.
Tor Browser sets Referrer-Policy to same-origin globally, meaning external sites never receive Referer information from Tor Browser users. Combined with Tor's IP anonymisation, this provides extremely strong referrer privacy — though at significant performance cost due to Tor's routing.
Brave in Strict fingerprinting mode limits Referer to origin-only for cross-origin requests, providing good protection with minimal website breakage.
LibreWolf (a Firefox fork focused on privacy) ships with conservative Referer defaults that send minimal information cross-origin.
Which Method Should You Use?
| Use Case | Recommended Method |
|---|---|
| Hide referrer for a specific link you are sharing | Dereferer tool |
| Hide referrer for all your browsing automatically | Firefox about:config or Smart Referer extension |
| Protect users who leave your website | Referrer-Policy HTTP header |
| Maximum privacy across all signals | Brave or Tor Browser |
| Hide referrer from specific tracking domains only | uBlock Origin advanced mode |
| Per-domain control | Referer Control extension (Firefox) |
What Hiding the Referer Does and Does Not Do
Suppressing the Referer header is a meaningful privacy measure but it is not a complete solution to online tracking. Here is what it does and does not achieve:
It does: prevent destination sites from knowing which specific page you came from. It stops search query leakage through navigation. It prevents internal URL exposure. It reduces data available for cross-site tracking profiles.
It does not: hide your IP address. It does not prevent browser fingerprinting. It does not block cookies or prevent first-party tracking. It does not prevent the destination site from knowing you visited — only from knowing where you came from.
For comprehensive privacy, Referer suppression should be combined with IP anonymisation (VPN or Tor), tracker blocking (uBlock Origin), fingerprint resistance (Brave or Firefox with appropriate settings), and where appropriate, cookie management tools.
Frequently Asked Questions
Does hiding the Referer break any websites?
Some websites use Referer validation as part of CSRF protection, meaning form submissions from pages where the Referer is stripped may be rejected. Some paywalled sites use Referer to allow access to articles linked from social media or search engines. In practice, setting Referrer-Policy to same-origin or strict-origin-when-cross-origin rarely causes noticeable breakage for typical browsing.
Is hiding the Referer legal?
Completely legal. You are not required to send any particular HTTP headers when making requests. Browser vendors implement Referer suppression by default in many scenarios, and users have every right to configure their browsers and tools to limit what information they share with third-party websites.
Can websites detect that I am hiding my Referer?
Yes — a missing Referer header is detectable. A site receiving a request with no Referer header knows either that the user navigated directly, used a dereferer, or configured their browser to suppress Referer. Some sites use this as a signal — for example, a paywall might not grant social media bypass access if no Referer from a social platform is present. But this is a minor inconvenience rather than a significant problem for privacy-focused users.
