← 返回首页
HTMLAreaElement: referrerPolicy property - Web APIs | MDN
HTML

HTML: Markup language

HTML reference HTML guides Markup languages
CSS

CSS: Styling language

CSS reference CSS guides Layout cookbook
JavaScriptJS

JavaScript: Scripting language

JS reference JS guides
Web APIs

Web APIs: Programming interfaces

Web API reference Web API guides
All

All web technology

Technologies Topics
Learn

Learn web development

Frontend developer course Learn HTML Learn CSS Learn JavaScript
Tools

Discover our tools

About

Get to know MDN better

Blog
Toggle sidebar
  1. Web
  2. Web APIs
  3. HTMLAreaElement
  4. referrerPolicy
Theme
  • OS default
  • Light
  • Dark
English (US)
Remember language Learn more

HTMLAreaElement: referrerPolicy property

Baseline Widely available *

This feature is well established and works across many devices and browser versions. It’s been available across browsers since April 2021.

* Some parts of this feature may have varying levels of support.

The HTMLAreaElement.referrerPolicy property reflect the HTML referrerpolicy attribute of the <area> element defining which referrer is sent when fetching the resource.

In this article

Value

A string; one of the following:

no-referrer

The Referer header will be omitted entirely. No referrer information is sent along with requests.

no-referrer-when-downgrade

The URL is sent as a referrer when the protocol security level stays the same (e.g.HTTP→HTTP, HTTPS→HTTPS), but isn't sent to a less secure destination (e.g., HTTPS→HTTP).

origin

Only send the origin of the document as the referrer in all cases. The document https://example.com/page.html will send the referrer https://example.com/.

origin-when-cross-origin

Send a full URL when performing a same-origin request, but only send the origin of the document for other cases.

same-origin

A referrer will be sent for same-site origins, but cross-origin requests will contain no referrer information.

strict-origin

Only send the origin of the document as the referrer when the protocol security level stays the same (e.g., HTTPS→HTTPS), but don't send it to a less secure destination (e.g., HTTPS→HTTP).

strict-origin-when-cross-origin (default)

This is the user agent's default behavior if no policy is specified. Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (e.g., HTTPS→HTTPS), and send no header to a less secure destination (e.g., HTTPS→HTTP).

unsafe-url

Send a full URL when performing a same-origin or cross-origin request. This policy will leak origins and paths from TLS-protected resources to insecure origins. Carefully consider the impact of this setting.

Examples

html
<img usemap="#my-map" width="100" height="100" src="/img/logo@2x.png" /> <map id="my-map" name="my-map"></map>
js
const elt = document.createElement("area"); elt.href = "/img2.png"; elt.shape = "rect"; elt.referrerPolicy = "no-referrer"; elt.coords = "0,0,100,100"; const map = document.getElementById("my-map"); map.appendChild(elt); // When clicked, the area's link will not send a referrer header.

Specifications

Specification
HTML
# dom-area-referrerpolicy

Browser compatibility

Enable JavaScript to view this browser compatibility table.

See also

Help improve MDN

Was this page helpful to you?
Yes No
Learn how to contribute

This page was last modified on Nov 30, 2025 by MDN contributors.

View this page on GitHubReport a problem with this content
  1. HTML DOM API
  2. HTMLAreaElement
  3. Instance properties
    1. alt
    2. coords
    3. download
    4. hash
    5. host
    6. hostname
    7. href
    8. interestForElement
    9. origin
    10. password
    11. pathname
    12. ping
    13. port
    14. protocol
    15. referrerPolicy
    16. rel
    17. relList
    18. search
    19. shape
    20. target
    21. username
  4. Instance methods
    1. toString()
  5. Inheritance
    1. HTMLElement
    2. Element
    3. Node
    4. EventTarget
  6. Related pages for HTML DOM
    1. BeforeUnloadEvent
    2. DOMStringMap
    3. ErrorEvent
    4. HTMLAnchorElement
    5. HTMLAudioElement
    6. HTMLBRElement
    7. HTMLBaseElement
    8. HTMLBodyElement
    9. HTMLButtonElement
    10. HTMLCanvasElement
    11. HTMLDListElement
    12. HTMLDataElement
    13. HTMLDataListElement
    14. HTMLDialogElement
    15. HTMLDivElement
    16. HTMLDocument
    17. HTMLElement
    18. HTMLEmbedElement
    19. HTMLFieldSetElement
    20. HTMLFormControlsCollection
    21. HTMLFormElement
    22. HTMLFrameSetElement
    23. HTMLGeolocationElement
    24. HTMLHRElement
    25. HTMLHeadElement
    26. HTMLHeadingElement
    27. HTMLHtmlElement
    28. HTMLIFrameElement
    29. HTMLImageElement
    30. HTMLInputElement
    31. HTMLLIElement
    32. HTMLLabelElement
    33. HTMLLegendElement
    34. HTMLLinkElement
    35. HTMLMapElement
    36. HTMLMediaElement
    37. HTMLMenuElement
    38. HTMLMetaElement
    39. HTMLMeterElement
    40. HTMLModElement
    41. HTMLOListElement
    42. HTMLObjectElement
    43. HTMLOptGroupElement
    44. HTMLOptionElement
    45. HTMLOptionsCollection
    46. HTMLOutputElement
    47. HTMLParagraphElement
    48. HTMLPictureElement
    49. HTMLPreElement
    50. HTMLProgressElement
    51. HTMLQuoteElement
    52. HTMLScriptElement
    53. HTMLSelectElement
    54. HTMLSourceElement
    55. HTMLSpanElement
    56. HTMLStyleElement
    57. HTMLTableCaptionElement
    58. HTMLTableCellElement
    59. HTMLTableColElement
    60. HTMLTableElement
    61. HTMLTableRowElement
    62. HTMLTableSectionElement
    63. HTMLTemplateElement
    64. HTMLTextAreaElement
    65. HTMLTimeElement
    66. HTMLTitleElement
    67. HTMLTrackElement
    68. HTMLUListElement
    69. HTMLUnknownElement
    70. HTMLVideoElement
    71. HashChangeEvent
    72. History
    73. ImageData
    74. Location
    75. MessageChannel
    76. MessageEvent
    77. MessagePort
    78. Navigator
    79. PageRevealEvent
    80. PageSwapEvent
    81. PageTransitionEvent
    82. Plugin
    83. PluginArray
    84. PromiseRejectionEvent
    85. RadioNodeList
    86. TimeRanges
    87. UserActivation
    88. ValidityState
    89. Window
    90. WorkletGlobalScope
  7. Guides
    1. Using microtasks in JavaScript with queueMicrotask()
    2. In depth: Microtasks and the JavaScript runtime environment

Your blueprint for a better internet.

MDN Contribute Developers

Visit Mozilla Corporation’s not-for-profit parent, the Mozilla Foundation.
Portions of this content are ©1998–2026 by individual mozilla.org contributors. Content available under a Creative Commons license.