javascripthttphttp-headersgoogle-searchreferrer-policy

How does Google sets HTTP Referrer after a search result click

For example, the first search result on this page leads to the older SO question, with the following HTTP request:

GET /questions/4402502/how-does-google-set-the-http-referrer-when-someone-clicks-on-a-search-result-lin HTTP/1.1
Host    stackoverflow.com
Referer https://www.google.ru

Note, that:

  1. Only the domain is included in the Referer header, no query string.
  2. Google is open via HTTPS, while SO is open via plain HTTP - nevertherless, the Referer header is sent by the browser.
  3. There are no server-side redirects involved, the first HTTP query to open after the click is to the target site.

The question is, how do they achieve this?

Solution

  • Google makes use of Referrer Policy. They include the meta tag in the page:

    <meta name="referrer" content="origin">

    This tells browsers to use "Origin Only" policy, that is, to send domain only information in the Referrer header in any subsequent request.