cnst answers this correctly above; it's content="origin". That forces browsers going HTTPS->HTTPS and HTTPS->HTTP to have the request header:
http-referer=https://www.google.com
This functionality allows sites to get credit for traffic without leaking URL parameters to a third party. It's awesome, as it's so much less hacky than what people have used here in the past.
There are currently three competing specs for this. I don't know which one is authoritative, and suspect it's a mix. They're similar, on most points.
- http://www.w3.org/TR/referrer-policy/
- http://w3c.github.io/webappsec/specs/referrer-policy/
- https://wiki.whatwg.org/wiki/Meta_referrer
Here's available support, that I know of; would love for people to let me know if I'm wrong or missing anything.
Now:
- Chrome 17+ supports this on desktop
- Chrome 25+ for mobile devices
- Safari 6 on iPad and iPhone
Unknown version:
- Desktop Safari 7 supports this; possible support in earlier versions, but I don't have a browser to confirm.
Upcoming real soon now:
- IE12 Beta has working support (new this week).
- Firefox 38 has the code checked in for a May 2015 release. https://bugzilla.mozilla.org/show_bug.cgi?id=704320