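I am trying to understand the behavior of the HTTP referer header. I have noticed that sometimes the referer is complete (the full URL, including the path and query string), but most of the time it contains only the domain.
For example, 'https://www.google.com/' instead of 'https://www.google.com/search?q=http+referer+truncated&oq=http+referer+truncated&aqs=chrome..69i57.6485j0j1&sourceid=chrome&ie=UTF-8#q=http+referer+is+not+full'.
Are there rules about when the referer is full and when it is truncated?
Best answer
Updated details as of November 2020...
Many browsers have started defaulting to a stricter referrer policy (strict-origin-when-cross-origin) rather than the old default (no-referrer-when-downgrade) when making cross-origin requests. This usually results in the URL being truncated, but occasionally it also means that no referrer is set at all (no-referrer).
Here is an excerpt from a good article about this: https://plausible.io/blog/referrer-policy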
Chrome is using strict-origin-when-cross-origin from version 85. Strict-origin-when-cross-origin is where the full path is sent if on the same domain but only sends the domain itself if going to another domain. Previously it used no-referrer-when-downgrade.
Firefox is using no-referrer-when-downgrade by default. It always passes the full path unless the request is sent from HTTPS to HTTP. Firefox is using strict-origin-when-cross-origin in the Private Browsing tabs and for known trackers.
Edge is using no-referrer-when-downgrade. Same as Firefox.
Safari is using strict-origin-when-cross-origin. Same as Chrome.
Brave is using no-referrer where the referrer header is completely removed. It never shares the full URL even for same-origin requests and you cannot even see the domain name for cross-origin requests.
Regarding http - under what circumstances the HTTP referer is truncated, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/45011324/