Setting the Referrer Policy (Security.Header.Referrer-Policy)
When a user navigates from one website to another, data is sent via an HTTP request. The Referrer Policy determines which data is sent. In Avendoo, for example, this applies when an external video from a video platform is accessed. In this article, we explain the settings you can configure in Avendoo’s security.header.Referrer-Policy system setting.
1
Navigate to Administration → System settings and enter security.header.Referrer-Policy in the filter.
2
Open the system setting by clicking on the title and enter the desired value. Possible values according to the HTTP protocol specification are:
| Value | Behavior |
|---|---|
no-referrer |
No referrer header is sent. |
no-referrer-when-downgrade |
The referrer is not sent when switching from HTTPS to HTTP. |
origin |
Only the origin (e.g., https://academy.avendoo.de) is sent, not the full URL path. |
origin-when-cross-origin |
For cross-origin requests, only the origin is sent; for same-origin, the full URL. |
same-origin |
The referrer is sent only for same-origin requests. |
strict-origin |
Only the origin is sent, but not on downgrade from HTTPS to HTTP. |
strict-origin-when-cross-origin |
Full URL for same-origin, origin for cross-origin, nothing on downgrade. |
unsafe-url |
The full referrer is always sent, even on downgrade – not recommended for privacy reasons. |
3
Save the system setting.
Prerequisites
Author account with the permission System settings: Change, create
Was this article helpful?
Thank you for your feedback!