删除http referer [英] Remove http referer

问题描述

是否可以删除或隐藏请求标头中的http引用信息？
i希望删除使用javascript python或django中的脚本从我的网站转到其他网站的用户的http引用信息

Is it a way to remove or hide http referer information in request header? i want to remove http referrer information of users who goes to other site from my site using a script possibly in javascript python or django

示例：

Host    slogout.espncricinfo.com
User-Agent  Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0    
Accept  text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8    
Accept-Language en-us,en;q=0.5    
Accept-Encoding gzip, deflate    
Accept-Charset  ISO-8859-1,utf-8;q=0.7,*;q=0.7    
Connection  keep-alive
Referer http://slogout.espncricinfo.com/index.php?page=index&level=login

推荐答案

截至2015年，这是您阻止发送Referer标头的方式：

只需将其添加到网页：

 <meta name="referrer" content="no-referrer" />

此代码适用于JavaScript代码的链接和Ajax请求页面。

This works both for links and for Ajax requests made by JavaScript code on the page.

其他有效的元选项包括：

<meta name="referrer" content="unsafe-url" />
<meta name="referrer" content="origin" />
<meta name="referrer" content="no-referrer-when-downgrade" />
<meta name="referrer" content="origin-when-cross-origin" />

•看看它是否适用于您的浏览器： http://caniuse.com/#feat=referrer-policy

• See if it works for your browser here: http://caniuse.com/#feat=referrer-policy

•参见规范： http://w3c.github.io/webappsec/specs/referrer-policy /

另请注意，浏览器现在发送 Origin 标头（包含CORS请求和POST请求，请参阅此处： https://developer.mozilla.org/en- US / docs / Web / HTTP / Headers / Origin ）包括域名和端口，据我所知，无法删除。如果您使用< meta name =referrercontent =origin/> ，引荐来源将包含与 Origin 标题，从隐私的角度来看已经很好了，因为它会隐藏用户所在的确切页面。

Also note that browsers now send the Origin header (with CORS requests and POST requests, see here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin) which includes domain and port, and, as far as I know, cannot be removed. If you use <meta name="referrer" content="origin" /> the referrer will contain similar information to the Origin header, which is already good from a privacy point of view, since it will hide the exact page the user is in.

更新：

如果您只想使用JavaScript删除引荐来源，您可以在发出Ajax请求之前动态添加相应的元标记。此JavaScript会将< meta name =referrercontent =no-referrer/> 添加到网页的主题部分：

If you want to remove the referrer by using JavaScript only, you may add the appropriate meta tag dynamically just before making the Ajax request. This JavaScript will add <meta name="referrer" content="no-referrer" /> to head section of the web page:

var meta = document.createElement('meta');
meta.name = "referrer";
meta.content = "no-referrer";
document.getElementsByTagName('head')[0].appendChild(meta);

这篇关于删除http referer的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！