[Defender] Security tweak

If I resolve “Referrer Policy Security Header”, will it affect Google Analytics? I’m also not sure what “Referrer Information” is. How do I know which option to select?

  • Adam
    • Support Gorilla

    Hi Brent

    I hope you’re well today!

    The “Referrer-Policy” header basically tells the web browser what kind of information about your website URL should be passed to another website when a visitor goes from your website to another one.

    In other words: let’s say you’ve got a link to Wikipedia on your website; if a visitor visits your site and then clicks on that link, normally – without that header set at all, by default – Wikipedia would get information about the “referrer”, so it would know that the visitor came from your site. By setting such a header you can actually limit the amount/type of such information passed over to other sites.

    So, to answer your first question about analytics – the way you set it for your site shouldn’t actually affect your analytics but it might affect those of the sites that your visitors will go to from your site. And, the same way, your analytics might be affected by how that header is set on the other sites from which visitors come to your site. But you don’t have any control of that, I’m afraid.

    To answer your second question – when you edit the tweak each possible option has a description once you select it, saying what it does so that should be helpful if you know that it applies to information about your website passed over to other sites. For example:

    – “no-referrer” – the target website won’t know (at least not if the site/server isn’t using some sort of “trick” 😉) where the visitor came from, if they came from your site, because there’ll be no URL, no path and no query string sent

    – “no-referrer-when-downgrade” – if your site is SSL protected then a) if a visitor goes from it to another HTTPS site, all information (URL, path, query string) will be sent b) if a visitor goes from your site to a non-SSL site, no information will be passed over

    – “origin” – only send the origin of the document as the referrer in all cases. The document https://example.com/page.html will send the referrer https://example.com/.

    You’ll find more information about this header and its options in this great article:

    https://scotthelme.co.uk/a-new-security-header-referrer-policy/

    Best regards,
    Adam
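
The options described in the reply above, as an added example that is not part of the original thread or the plugin's own code: a small model of which Referer value a browser sends for each Referrer-Policy value. It goes beyond the three options quoted above and covers the other standard values too; the function name `computeReferrer` and the sample URLs are constructed for illustration, and "downgrade" is simplified to HTTPS versus non-HTTPS.

```javascript
// Model of the Referer value sent under a given Referrer-Policy.
// Returns null when no Referer header would be sent at all.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);

  // The full-URL form never carries credentials or the #fragment.
  const full = new URL(from.href);
  full.username = '';
  full.password = '';
  full.hash = '';
  const fullUrl = full.href;            // scheme + host + path + query
  const originOnly = from.origin + '/';  // scheme + host (+ port) only

  const sameOrigin = from.origin === to.origin;
  // Simplification: "downgrade" = HTTPS page linking to a non-HTTPS target.
  const downgrade = from.protocol === 'https:' && to.protocol !== 'https:';

  switch (policy) {
    case 'no-referrer':
      return null;
    case 'no-referrer-when-downgrade':
      return downgrade ? null : fullUrl;
    case 'origin':
      return originOnly;
    case 'same-origin':
      return sameOrigin ? fullUrl : null;
    case 'strict-origin':
      return downgrade ? null : originOnly;
    case 'origin-when-cross-origin':
      return sameOrigin ? fullUrl : originOnly;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return fullUrl;
      return downgrade ? null : originOnly;
    case 'unsafe-url':
      return fullUrl;
    default:
      throw new Error('unknown Referrer-Policy: ' + policy);
  }
}

// Constructed sample: a page whose URL holds a sensitive query string.
const page = 'https://example.com/account/reset?token=abc123#top';
for (const p of ['no-referrer', 'no-referrer-when-downgrade', 'origin']) {
  console.log(p, '| to HTTPS:', computeReferrer(p, page, 'https://en.wikipedia.org/'),
    '| to HTTP:', computeReferrer(p, page, 'http://insecure.example/'));
}
```

The output shows why the choice matters for pages with tokens or IDs in the URL: "no-referrer-when-downgrade" still hands the full path and query string to any HTTPS destination, while "origin" only ever reveals the site address.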