Hi, I'm Tsuneo([twitter:@yoshiokatsuneo]).
Now, the latest Chrome is stopping to send the URL path as HTTP Referer on cross-domain access.
If you analyze access to your web site, you can not know which article leads the user to your site.
We have a blog as our own media to lead to our web service. And, we are monitoring the reference URLs to our web service.
We happen to nice that the more and more reference is from the blog top page, and less and less reference from each article URLs.
From our access logs, it looks like the change happens only on Chrome.
And, we noticed that the default "Referrer Policy" is changed from no-referrer-when-downgrade to strict-origin-when-cross-origin on Chrome85.
For example, the reference URL "https://paiza.hatenablog.com/entry/2020/10/01/140612" is stripped to "https://paiza.hatenablog.com/" .
But, actually, when I test on Chrome85 my machine, the setting was "no-referrer-when-downgrade", yet. It looks that the setting is changing gradually.
How to see the Referrer Policy
We can see that what URL is sent as Referer on the cross-domain link.
If the first green box has a URL with the path, your Chrome has "no-referrer-when-downgrade" as the Referrer Policy.
If the first green box has a URL without the path like below, your Chrome has the new "strict-origin-when-cross-origin" settings like below.
You can also see the Referrer-Policy on Chrome developer tool, network tab.
Why is the "Referrer Policy" changed ?
The Referrer Policy is changed because of privacy and security concerns.
The Referer URL may contain search keywords, account ID, e-mail address, or other IDs, and the information may be sent to the linked site as "Referer".
Nowadays, security and privacy are getting more critical than before. So, other browsers may change the settings as Chrome does.
Current Referrer Policy deployment status
How many Chrome85 have new "strict-origin-when-cross-origin", at now ?
At first, I created a poll at Slack. It looks more than half have the new settings.
Also, from the access logs to our web sites, the percentage of Referer from the top page is growing from less than 10% to around 20% on 8th/Sep, and more than 50% on 29th/Sep or later.
If you can change the HTTP header or the HTML meta tag, you can change the Policy Referrer settings.
HTTP header(Policy-Referrer) settings
You can change Policy-Referrer HTTP response header field. On nginx, you can change the configuration file like below.
add_header 'Referrer-Policy' 'no-referrer-when-downgrade';
meta tag(name=referer) settings
You can also change using the HTML meta tag like below.
<meta name="referrer" content="no-referrer-when-downgrade"/>
You can also change on Chrome settings by putting "chrome://flags/#reduced-referrer-granularity" on the URL bar for testing. By enabling the settings, Chrome does not send pathname on the URL. By disabling the settings, Chrome sends pathname on the URL.
On Safari 13 introducing ITP2.3, the access from the domain classified as tracker does not contain the path on Referer.
The new Chrome85 is gradually stopping to send a URL path on Referer on cross-domain link, and it can cause huge impact on your web marketing. I recommend checking your settings on web sites, access logs, or analysis tools.
With「PaizaCloud Cloud IDE」, you can flexibly and easily develop your Web application or server application, and publish it, just in your browser.