HTML <iframe> referrerpolicy Attribute

❮ HTML <iframe> tag


Specifies that no referrer information will be sent along with the request:

<iframe src="" referrerpolicy="no-referrer"></iframe>
Try it Yourself »

Definition and Usage

The referrerpolicy attribute specifies how much/which referrer information that will be sent when processing the iframe attributes.

Browser Support

The numbers in the table specify the first browser version that fully supports the attribute.

referrerpolicy 51.0 79.0 50.0 11.1 38.0

Differences Between HTML 4.01 and HTML5

The referrerpolicy attribute is new in HTML5.


<iframe referrerpolicy="value">

Attribute Values

Value Description
no-referrer No referrer information will be sent along with a request
no-referrer-when-downgrade Default. Specifies that the referer header will not be sent to origins without HTTPS
origin Send only scheme, host, and port to the request client
origin-when-cross-origin For cross-origin requests: Send only scheme, host, and port. For same-origin requests: Also include the path
same-origin For same-origin requests: Referrer info will be sent. For cross-origin requests: No referrer info will be sent
strict-origin Only send referrer info if the security level is the same (e.g. HTTPS to HTTPS). Do not send to a less secure destination (e.g. HTTPS to HTTP)
strict-origin-when-cross-origin Send full path when performing a same-origin request. Send only origin when the security level stays the same (e.g. HTTPS to HTTPS). Send no header to a less secure destination (HTTPS to HTTP)
unsafe-url Only send origin and path (not fragment, password, or username). This value is considered unsafe

❮ HTML <iframe> tag