Referer - HTTP - MDN Web Docs

The Referer request header contains the address of the page from which the currently requested page was reached, that is, the current page was reached by following a link on that referring page.

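Servers typically use the Referer request header to identify where a visit came from, and may use it for analytics, logging, cache optimization, and similar purposes.

Note that "referer" is actually a misspelling of "referrer".

See HTTP referer on Wikipedia for more detailed information.

The Referer request header may expose the user's browsing history, which raises user privacy concerns.

The Referer header is not sent in the following two cases:

- the referring page uses the "file" or "data" URI scheme, which denotes a local file;
- the currently requested page uses a non-secure protocol while the referring page uses a secure protocol (HTTPS).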

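Header type: Request header
Forbidden header name: yes

Syntax

Referer:

Directives

The absolute or relative path of the previous page from which the current page was linked. It does not include URL fragments (for example "#section") or userinfo (for example "username:password" in "https://username:[email protected]/foo/bar/").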
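The two no-send cases and the stripping rule described above, modeled as one function. This is an added example, not code from the MDN page; `refererFor` and the sample URLs are constructed for illustration, and it models only the rules stated on this page, not a browser's complete referrer logic.

```javascript
// Added example: models only the rules stated on this page.
// refererFor() and all sample URLs below are constructed for illustration.

const LOCAL_SCHEMES = new Set(["file:", "data:"]);

// Returns the Referer value for a request from sourceUrl to targetUrl,
// or null when the page says no Referer is sent.
function refererFor(sourceUrl, targetUrl) {
  const source = new URL(sourceUrl);
  const target = new URL(targetUrl);

  // Case 1: the referring page is a local "file" or "data" URI.
  if (LOCAL_SCHEMES.has(source.protocol)) return null;

  // Case 2: secure (HTTPS) referring page, non-secure requested page.
  // Assumption: anything other than https: is treated as non-secure.
  if (source.protocol === "https:" && target.protocol !== "https:") return null;

  // Strip userinfo and the fragment. Everything else, including the
  // query string, stays in the value and reaches the target server.
  source.username = "";
  source.password = "";
  source.hash = "";
  return source.href;
}

// Constructed sample navigations: [referring page, requested page].
const samples = [
  ["https://alice:s3cret@intranet.example/wiki/page?id=7#section",
   "https://developer.mozilla.org/"],
  ["https://intranet.example/wiki", "http://plain.example/"],
  ["file:///home/user/report.html", "https://developer.mozilla.org/"],
  ["data:text/html,hello", "https://developer.mozilla.org/"],
  ["http://a.example/x#f", "http://b.example/"],
];

for (const [from, to] of samples) {
  console.log(`${from} -> ${to}: ${refererFor(from, to)}`);
}
```

The first sample shows why the header is a privacy concern: the credentials and fragment are removed, but the path and query string of the referring page are still disclosed to the target.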

Example

Referer: https://developer.mozilla.org/en-US/docs/Web/JavaScript

Specifications

Specification: RFC 7231, section 5.5.2: Referer
Title: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

See also

- HTTP referer on Wikipedia
- Referrer-Policy

Last modified: May 31, 2021, by MDN contributors


