Hide Referrer on click

In HTML 5 links should support rel="noreferrer" for this purpose.


As of 2015 this is how you prevent sending the Referer header:

<meta name="referrer" content="no-referrer" />

Just add this to the head section of the web page. Works both for links and for Ajax requests.


Work-around, not a solution:

generate all such links through tinyurl.com or similar service.

Take <url> you want to redirect to, and raw-url-encode it. Generate some random string of say 10-15 chars (to ensure it's availability) lest call it <alias>.

Then call http://tinyurl.com/create.php?alias=<alias>&url=<url>

E.g. http://tinyurl.com/create.php?alias=ahdiwabdoubiadasd&url=http%3A%2F%2Fwww.whatismyreferer.com%2F

Now you can verify that http://tinyurl.com/ahdiwabdoubiadasd leads to www.whatismyreferer.com with referrer disguised


Here is a fool proof way to do this. I use this script in an app that sometimes links to 3rd-party websites from pages who's URLs need to be kept private.

<?php
session_start();

/**
  Setp 1. Get the query string variable and set it in a session, then remove it from the URL.
*/
if (isset($_GET['to']) && !isset($_SESSION['to'])) {
    $_SESSION['to'] = urldecode($_GET['to']);
    header('Location: http://yoursite.com/path/to/this-script.php');// Must be THIS script
    exit();
}


/**
  Step 2. The page has now been reloaded, replacing the original referer with  what ever this script is called.
  Make sure the session variable is set and the query string has been removed, then redirect to the intended location.
*/
if (!isset($_GET['to']) && isset($_SESSION['to'])) {
    $output = '<!DOCTYPE html>
<html>
<head>
<meta name="robots" content="none">
<title>Referral Mask</title>
</head>
<body>
<h3>Redirecting...</h3>
<script>window.location.href="'.$_SESSION['to'].'"</script>
<a href="'.$_SESSION['to'].'">Here is your link</a>
</body>
</html>' . "\n";
    unset($_SESSION['to']);
    echo $output;
    exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="robots" content="none">
<title>Referral Mask</title>
</head>
<body>
<h1>Referral Mask</h1>
<p>This resource is used to change the HTTP Referral header of a link clicked from within our secure pages.</p>
</body>
</html>

This script uses both PHP and JavaScript to reliably remove the original referrer from the headers.