Referer - HTTP - MDN Web Docs
Referer
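The Referer request header contains the address of the page from which the currently requested page was reached; that is, it indicates that the current page was entered through a link on that source page.
Servers generally use the Referer request header to identify where a visit came from, and may use it for analytics, logging, cache optimization and so on.
Note that referer is actually a misspelling of "referrer".
See HTTP referer on Wikipedia for more details.
The Referer request header can expose the user's browsing history, which raises user privacy concerns.
The Referer header is not sent in the following two cases:
- the source page uses a local "file" or "data" URI;
- the currently requested page uses a non-secure protocol while the source page uses a secure protocol (HTTPS).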
Header type: Request header
Forbidden header name: yes
Syntax
Referer:
The header value does not include URL fragments (for example "#section") or userinfo (for example the "username:password" in "https://username:password@example.com/foo/bar/").
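The two "not sent" cases and the stripping rule above, combined into one function (an added example, not part of the original MDN page). The name `refererFor`, its parameters and the sample URLs are hypothetical; it models only the rules stated on this page, treats `https:` as the only secure scheme, and does not model Referrer-Policy.

```javascript
// Added example: models only the rules this page states.
// refererFor() and all sample URLs below are constructed for illustration.
function refererFor(sourceUrl, targetUrl) {
  const source = new URL(sourceUrl);
  const target = new URL(targetUrl);

  // Case 1: the source page is a local "file" or "data" URI: no header.
  if (source.protocol === 'file:' || source.protocol === 'data:') {
    return null;
  }
  // Case 2: secure (HTTPS) source, non-secure target: no header.
  // Assumption: only https: counts as secure in this sketch.
  if (source.protocol === 'https:' && target.protocol !== 'https:') {
    return null;
  }
  // Otherwise send the source URL without userinfo and without fragment.
  source.username = '';
  source.password = '';
  source.hash = '';
  return source.href;
}

// Constructed navigations: [page the link is on, page being requested].
const SAMPLES = [
  ['https://username:password@example.com/foo/bar/#section', 'https://other.example/'],
  ['https://example.com/search?q=private+term#results', 'https://other.example/'],
  ['https://example.com/account', 'http://other.example/'],
  ['file:///home/user/notes.html', 'https://other.example/'],
  ['data:text/html,hello', 'https://other.example/'],
];

// Returns the header line a request would carry, or a marker when omitted.
function runSamples() {
  return SAMPLES.map(([from, to]) => {
    const value = refererFor(from, to);
    return value === null ? '(no Referer header)' : `Referer: ${value}`;
  });
}

runSamples().forEach((line) => console.log(line));
```

The second sample shows why the header is a privacy concern: the fragment is dropped, but the path and query string of the source page still reach the target server.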
Examples
Referer: https://developer.mozilla.org/en-US/docs/Web/JavaScript
Specifications
Specification: RFC 7231, section 5.5.2: Referer
Title: Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content
See also
- HTTP referer on Wikipedia
- Referrer-Policy
Last modified: May 31, 2021, by MDN contributors