Common Use Cases and Patterns
Common Use Cases and Patterns
E-commerce Site Implementation
// Different policies for different sections
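/**
 * Express-style middleware that sets one Referrer-Policy header per site section.
 *
 *   /checkout, /account (and anything beneath them) -> no-referrer
 *   /products/...                                    -> origin
 *   /affiliate/...                                   -> unsafe-url
 *   everything else                                  -> strict-origin-when-cross-origin
 *
 * @param {{ path: string }} req - Incoming request; only `req.path` is read.
 * @param {{ setHeader: Function }} res - Response; exactly one header is set.
 * @param {Function} next - Called with no arguments once the header is set.
 */
const ecommerceReferrerPolicy = (req, res, next) => {
  const path = req.path;

  // Routers such as Express match paths case-insensitively and ignore a
  // trailing slash by default, so '/Checkout/pay' and a bare '/account' can
  // reach the sensitive handlers. Match them here too; otherwise those pages
  // silently fall through to the weaker default policy.
  const normalizedPath = path.toLowerCase();
  const isSensitive = ['/checkout', '/account'].some(
    (prefix) =>
      normalizedPath === prefix || normalizedPath.startsWith(`${prefix}/`),
  );

  let policy;
  if (isSensitive) {
    // Sensitive areas - no referrer information
    policy = 'no-referrer';
  } else if (path.startsWith('/products/')) {
    // Product pages - allow origin for analytics
    policy = 'origin';
  } else if (path.startsWith('/affiliate/')) {
    // Affiliate links - full URL needed.
    // NOTE: 'unsafe-url' sends the complete URL (path and query string) with
    // every request made from these pages, including to plain-HTTP
    // destinations. Keep session tokens and personal data out of
    // affiliate-page URLs.
    policy = 'unsafe-url';
  } else {
    // Default policy
    policy = 'strict-origin-when-cross-origin';
  }

  res.setHeader('Referrer-Policy', policy);
  next();
};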
Analytics-Friendly Configuration
// Balance privacy with analytics needs
app.use(function analyticsReferrerPolicy(req, res, next) {
  // Page-wide default: full URL same-origin, origin only cross-origin,
  // nothing on an HTTPS -> HTTP downgrade.
  res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');

  // Per-destination overrides, keyed by exact origin.
  // NOTE(review): res.locals is server-side state for the view layer; the
  // click handler on this page reads window.referrerOverrides, so the view
  // has to serialise this map into the page for the overrides to take effect.
  const overridesByOrigin = {
    'https://www.google-analytics.com': 'origin',
    'https://analytics.company.com': 'origin-when-cross-origin',
  };
  res.locals.referrerOverrides = overridesByOrigin;

  next();
});
// Client-side implementation
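/**
 * Delegated click handler: when the clicked link's origin has an entry in
 * window.referrerOverrides, copy that policy onto the link's `referrerpolicy`
 * attribute before the navigation happens.
 *
 * The attribute takes precedence over the page's Referrer-Policy header for
 * that link, so the map must come from trusted page code and never from
 * user-controlled data; an entry with a weaker value would undo a stricter
 * header.
 */
document.addEventListener('click', function (e) {
  const target = e.target;
  const link =
    target && typeof target.closest === 'function' ? target.closest('a') : null;
  if (!link || !link.href) {
    return;
  }

  let origin;
  try {
    origin = new URL(link.href).origin;
  } catch (err) {
    // An href the URL parser rejects cannot match any origin key; leave the
    // link untouched instead of throwing inside the click handler.
    return;
  }

  const overrides = window.referrerOverrides || {};
  // Own-property lookup only, and only string values, so nothing inherited or
  // unexpected ends up in the attribute.
  const policy = Object.prototype.hasOwnProperty.call(overrides, origin)
    ? overrides[origin]
    : undefined;
  if (typeof policy === 'string' && policy !== '') {
    link.setAttribute('referrerpolicy', policy);
  }
});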