HTTP Referer Removal: The Complete Developer Guide (rel=noreferrer, Referrer-Policy & More)

Six Ways to Remove the HTTP Referer Header

The HTTP Referer header is sent by browsers when users navigate from one page to another. As a developer, you have multiple ways to control or suppress it. Here are all six methods, from simplest to most comprehensive.

Method 1: rel="noreferrer" on HTML Links (Simplest)

Add rel="noreferrer" to any anchor tag to prevent the Referer header for that specific link:

<a href="https://external-site.com" rel="noreferrer">Visit site</a>

Also adds: rel="noreferrer" implicitly includes rel="noopener", which prevents the new tab from accessing the parent window via window.opener.

Browser support: All modern browsers. Works for direct user clicks.

Limitation: Must be added to every outbound link individually. Does not affect programmatic navigation.

Method 2: Referrer-Policy HTTP Header (Recommended for Site Owners)

Set this header on your server responses to control referrer behaviour for all links on your site:

# Apache
Header always set Referrer-Policy "no-referrer"

# Nginx
add_header Referrer-Policy "no-referrer" always;

# PHP
header('Referrer-Policy: no-referrer');

Policy options:

• no-referrer — Never send any referrer
• no-referrer-when-downgrade — Default browser behaviour (HTTPS→HTTPS sends, HTTPS→HTTP suppresses)
• strict-origin-when-cross-origin — Recommended: send origin only for cross-origin, full URL for same-origin
• same-origin — Only send referrer when staying on same domain
• origin — Send domain only, never the full path

Method 3: Meta Referrer Tag (HTML-Only, No Server Required)

Add this to your <head> to set referrer policy for the entire page without modifying server config:

<meta name="referrer" content="no-referrer">

Accepts the same values as the HTTP header. Useful when you cannot modify server headers (shared hosting, static sites).

Method 4: Referrer-Policy on Individual Links

HTML supports the referrerpolicy attribute on anchor, img, iframe, and script tags:

<a href="https://external.com" referrerpolicy="no-referrer">Link</a>
<img src="https://cdn.example.com/img.jpg" referrerpolicy="no-referrer">
<iframe src="https://embed.example.com" referrerpolicy="no-referrer"></iframe>

More granular than the meta tag — applies only to the specific element rather than the whole page.

Method 5: JavaScript Fetch / XMLHttpRequest

When making API requests from JavaScript, control the referrer explicitly:

// Fetch API
fetch('https://api.example.com/data', {
  referrerPolicy: 'no-referrer',
  referrer: ''
});

// XMLHttpRequest (older)
var xhr = new XMLHttpRequest();
// XHR does not support direct referrer control
// Use fetch instead for new code

Method 6: Use a Dereferer Service (For Shared Links)

When you cannot control the destination or the user's browser, route links through a dereferer. Our Dereferer tool wraps any URL and strips the Referer header server-side before the visitor reaches the destination.

This is the only method that works regardless of the user's browser settings, OS, or whether they click the link directly or copy-paste it.

JavaScript: Check the Current Referer

// Read the current page's referrer
console.log(document.referrer);
// Returns the URL of the previous page, or empty string if no referrer

Test this in real-time using our My Referrer Checker — visit it from any page to see exactly what Referer your browser is sending.

Browser Support Summary

Quick Reference: Which Method Should You Use?

• Site owner, server access: Set Referrer-Policy HTTP header globally
• Individual links only: Use rel="noreferrer" or referrerpolicy attribute
• No server access: Use <meta name="referrer"> tag
• Sharing a link externally: Use a Dereferer
• API requests: Set referrerPolicy: 'no-referrer' in Fetch

Related Tools

• Dereferer — Strip Referer from any link instantly
• My Referrer Checker — See what your browser currently sends
• HTTP Headers Checker — Inspect all request and response headers
• Hide Referrer Link — Create anonymous redirect links