RefererReferer is the request header that names the URL of the previous page — the page whose link or resource led the user to this request. It is used for traffic-source analytics, referral stats, and basic access control.
The name 'Referer' is actually a misspelling of 'Referrer'. A typo in the early-1990s spec was standardized as-is, so the header name remains misspelled to this day (while the later policy header uses the correct spelling, `Referrer-Policy`). This spelling mismatch is a common source of confusion.
Referer carries privacy and security concerns. Exposing the full URL can leak sensitive data — search terms, session tokens, internal paths — to external sites. To control this, the `Referrer-Policy` response header lets a site specify policies such as sending no referrer (no-referrer), only the origin (origin), or a trimmed value across origins (strict-origin-when-cross-origin, the modern browser default).
When navigating from an HTTPS page to an HTTP page, browsers by default omit the Referer to prevent leakage on downgrade.
Referer: <absolute-or-partial-URL>e.g. Referer: https://www.example.com/search?q=headers