Referer
The HTTP Referer request header identifies the address of the resource from which the current request originated.
Usage
The Referer header is sent by clients (browsers, HTTP
libraries) to indicate the URL of the page or resource
linking to the requested resource. When a user clicks a
link on https://example.re/page, the browser sends the
address of the linking page in the Referer header with the
subsequent request.
Note
The header name "Referer" is a historical misspelling of the English word "referrer." The original HTTP specification introduced this typo, and correcting the spelling now breaks existing implementations. The misspelled form remains the official header name.
The header serves multiple purposes. Analytics systems rely on the referrer to track traffic sources. Servers use the value for logging and access control. Search engines historically used referrer data to understand link relationships between pages.
The Referrer-Policy response header
controls how much information the Referer header
includes. Policies range from sending the full URL
(unsafe-url) to sending only the Origin
(origin) to omitting the header entirely
(no-referrer). Most browsers default to
strict-origin-when-cross-origin, which sends the full URL
for same-origin requests and only the origin for
cross-origin requests.
The Referer header is not sent when navigating from an HTTPS page to an HTTP page (a downgrade) under the default policy. Fragment identifiers and credentials are never included in the value.
Values
Absolute URL
The full URL including scheme, host, path, and query string. Same-origin requests typically include the complete URL.
Referer: https://example.re/articles/http-headers?page=2
Origin only
The scheme and host without path or query string. Sent for cross-origin requests under the default browser policy.
Referer: https://example.re/
Empty or absent
The header is omitted entirely when the
Referrer-Policy is set to no-referrer,
when navigating from a bookmarked URL, when typing a URL
directly into the address bar, or during HTTPS-to-HTTP
downgrades under the default policy.
Example
A browser following a link from a search results page sends the search URL as the referrer. The server receiving the request sees where the visitor came from.
Referer: https://search.example.re/results?q=http+headers
A cross-origin request from a secure page sends only the
origin portion under the default
strict-origin-when-cross-origin policy.
Referer: https://example.re/
A resource loaded on the same origin includes the full path and query string in the referrer value.
Referer: https://example.re/docs/guide?section=headers
Takeaway
The Referer request header identifies the source address of the current request, providing servers with traffic origin data for analytics, logging, and access decisions. The Referrer-Policy header controls how much detail the Referer value exposes.