The HTML <iframe> referrerpolicy attribute is used to specify the reference information that will be sent when fetching the result.
Syntax:
<iframe referrerpolicy="value">
Attribute Values:
- no-referrer: It specifies that no reference information will be sent along with a request.
- no-referrer-when-downgrade: It has a default value. It specifies that refer header will not be sent to origins without HTTPS.
- origin: It specifies to only send the origin of the document as the referrer in all cases.
- origin-when-cross-origin: It sends the origin, path, and query string when performing a same-origin request, but only send the origin of the document for other cases.
- same-origin: It specifies that the referrer will be sent for same-site origins, but cross-origin requests will send no referrer information.
- strict-origin: Sends only the origin for HTTPS → HTTPS, and nothing for HTTPS → HTTP.
- strict-origin-when-cross-origin: Sends full URL for same-origin, only origin for HTTPS → HTTPS cross-origin, and nothing for HTTPS → HTTP.
