http_referer is not accurate

Photo by Nik on Unsplash

http_referer is not accurate

The Referer http header (actually a misspelling of referrer) identifies the address of the webpage from which the resources has been requested. I wanted to add this context to an API request fired from that page.

When making the request, the value only included the host and not path of the page, which was pretty much useless for my use case.

This behavior was actually intentional and governed by our nginx server’s policy

referrer-policy: origin-when-cross-origin

which would only use the host since the request was to a different origin server.

This was done as a security measure. The more your know.

Reference: