问题
I'm doing a remote script-src
<script src="http://thirdparty.com/test.js"></script>
I don't want to send my http referer headers to thirdparty.com. How do I do it?
回答1:
You would have to proxy the request for the script through your own server. For example:
<script src="stripreferrer.php?url=http%3A%2F%2Fthirdparty.com%2Ftest.js"></script>
Then, your server-side code would make the HTTP request sans referrer code, and pass the response to the client.
回答2:
The answers from 2013 are obsolete: you can do it by setting a referrer policy on your webpage. For example, if you have
<meta name="referrer" content="origin">
on your page, then any <script src="..."> resources fetched from that page (after that line) will send only the origin and not the full URL. Other options include "no-referrer".
See http://caniuse.com/#feat=referrer-policy for status of adoption by browsers: as of Sep 2016 it's supported by most major non-IE browsers. This older blog post on the Mozilla Security blog may be worth reading if you prefer not to read the standard.
回答3:
This is part of the HTTP protocol. You cannot control this using HTML or JavaScript.
来源:https://stackoverflow.com/questions/18240474/strip-out-referers-from-script-src