Testing Referrer Policies
Testing Referrer Policies
Manual Testing Methods
// Browser console test
fetch('https://httpbin.org/headers')
.then(r => r.json())
.then(data => console.log('Referrer sent:', data.headers.Referer));
// Test different policies
const testReferrerPolicy = async (url, policy) => {
const testUrl = 'https://httpbin.org/headers';
const meta = document.createElement('meta');
meta.name = 'referrer';
meta.content = policy;
document.head.appendChild(meta);
const response = await fetch(testUrl);
const data = await response.json();
console.log(`Policy: ${policy}, Referrer: ${data.headers.Referer || 'none'}`);
document.head.removeChild(meta);
};
// Test all policies
['no-referrer', 'origin', 'strict-origin-when-cross-origin'].forEach(policy => {
testReferrerPolicy(window.location.href, policy);
});
Automated Testing Script
const puppeteer = require('puppeteer');
async function testReferrerPolicies(baseUrl) {
const browser = await puppeteer.launch();
const results = [];
const policies = [
'no-referrer',
'no-referrer-when-downgrade',
'origin',
'origin-when-cross-origin',
'same-origin',
'strict-origin',
'strict-origin-when-cross-origin',
'unsafe-url'
];
for (const policy of policies) {
const page = await browser.newPage();
// Intercept requests to check referrer
const referrers = [];
page.on('request', request => {
referrers.push({
url: request.url(),
referrer: request.headers().referer
});
});
// Set referrer policy
await page.setExtraHTTPHeaders({
'Referrer-Policy': policy
});
// Navigate to test page
await page.goto(baseUrl);
// Click external link
await page.evaluate(() => {
const link = document.createElement('a');
link.href = 'https://httpbin.org/headers';
link.id = 'test-link';
document.body.appendChild(link);
link.click();
});
await page.waitForTimeout(2000);
results.push({
policy,
referrers
});
await page.close();
}
await browser.close();
return results;
}