Question

I'm doing a remote script-src

<script src="http://thirdparty.com/test.js"></script>

I don't want to send my HTTP Referer headers to thirdparty.com. How do I do it?


Solution 2

You would have to proxy the request for the script through your own server. For example:

<script src="stripreferrer.php?url=http%3A%2F%2Fthirdparty.com%2Ftest.js"></script>

Then, your server-side code would make the HTTP request sans referrer code, and pass the response to the client.

OTHER TIPS

The answers from 2013 are obsolete: you can do it by setting a referrer policy on your webpage. For example, if you have

<meta name="referrer" content="origin">

on your page, then any <script src="..."> resources fetched from that page (after that line) will send only the origin and not the full URL. Other options include "no-referrer".

See http://caniuse.com/#feat=referrer-policy for status of adoption by browsers: as of Sep 2016 it's supported by most major non-IE browsers. This older blog post on the Mozilla Security blog may be worth reading if you prefer not to read the standard.
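What thirdparty.com would receive under each policy value, as an added example that is not part of any answer on this page: a simplified JavaScript model of the Referrer Policy computation. The names `computeReferer` and `stripForReferrer` and the shop.example page URL are constructed for illustration, and the model assumes only https: counts as a trustworthy scheme.

```javascript
// Added example: models the Referer value a browser derives for a subresource
// fetch under a given referrer policy. Simplification (assumption): only https:
// is treated as "potentially trustworthy"; the spec also covers localhost etc.

function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  // Non-HTTP(S) documents (about:, data:, blob:) never produce a referrer.
  if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
  if (originOnly) return u.origin + '/';
  u.username = '';   // credentials and fragment are always stripped
  u.password = '';
  u.hash = '';
  return u.href;
}

function computeReferer(policy, pageUrl, resourceUrl) {
  const page = new URL(pageUrl);
  const target = new URL(resourceUrl);
  const full = stripForReferrer(pageUrl, false);
  if (full === null) return null;
  const originOnly = stripForReferrer(pageUrl, true);
  const sameOrigin = page.origin === target.origin;
  const downgrade = page.protocol === 'https:' && target.protocol !== 'https:';

  switch (policy) {
    case 'no-referrer': return null;
    case 'origin': return originOnly;
    case 'unsafe-url': return full;
    case 'same-origin': return sameOrigin ? full : null;
    case 'strict-origin': return downgrade ? null : originOnly;
    case 'origin-when-cross-origin': return sameOrigin ? full : originOnly;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : originOnly;
    default: throw new Error('unknown referrer policy: ' + policy);
  }
}

// Constructed sample: a page URL carrying a token, loading the question's script.
const PAGE = 'http://shop.example/account?token=abc123#orders';
const SCRIPT = 'http://thirdparty.com/test.js';
function demo() {
  return ['unsafe-url', 'origin', 'strict-origin-when-cross-origin', 'no-referrer']
    .map((p) => [p, computeReferer(p, PAGE, SCRIPT)]);
}
console.log(demo());
```

A `null` result means no Referer header is sent at all; with "origin" the path and query string (including the token in the sample URL) stay on your side.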

This is part of the HTTP protocol. You cannot control this using HTML or JavaScript.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow