CSP referrer directive has been deprecated

Published: | Categories: DOM, Privacy & Security


The Content Security Policy (CSP) referrer directive, used to specify how the Referer HTTP header works, is now deprecated and will be removed in the near future. It has already been removed from Chrome 56 shipped this January. Use the Referrer-Policy HTTP header instead.

Update: The directive has been removed with Firefox 62.