a new security header for browser referer, and some explanations behind choices.
https://scotthelme.co.uk/a-new-security ... er-policy/
Recommendations
"Which header you will want or need to use will depend on your requirements but there are some that you should probably stay away from. The unsafe-url value kind of gives you a hint in the name and I wouldn't really advise anyone use it. Likewise if you're thinking of using origin or origin-when-cross-origin then I'd recommend looking at strict-origin and strict-origin-when-cross-origin instead. This will at least plug the little hole of leaking referrer data over an insecure connection. I don't have anything sensitive in the URL for my site so I will probably look at a value like no-referrer-when-downgrade just to keep referrer data off HTTP connections."
New security header referrer policy wording
New security header referrer policy wording
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20130410 Firefox/23.0
Re: New security header referrer policy wording
And the list of supporting browsers - https://developer.mozilla.org/docs/Web/ ... patibility
*Always* check the changelogs BEFORE updating that important software!
-