referrer-policy
raw JSON → 1.2.0 verified Sat Apr 25 auth: no javascript
Express/Connect middleware to set the Referrer-Policy HTTP header, part of the Helmet.js security suite. Version 1.2.0 is stable and works with Node >=4. Ships TypeScript definitions. Allows specifying one of the standard policy values (e.g., no-referrer, same-origin, strict-origin-when-cross-origin) or an array of policies for fallback. Lightweight and focused, with no external dependencies.
Common errors
error Error: Cannot find module 'referrer-policy' ↓
cause Package not installed or import path wrong.
fix
Run 'npm install referrer-policy' and ensure import path matches package name.
error TypeError: referrerPolicy is not a function ↓
cause Using named import { referrerPolicy } instead of default import.
fix
Use 'import referrerPolicy from 'referrer-policy''.
error Invalid policy value: 'something-else' ↓
cause Passed an unsupported policy string.
fix
Use one of the valid policies: 'no-referrer', 'no-referrer-when-downgrade', 'same-origin', 'origin', 'strict-origin', 'origin-when-cross-origin', 'strict-origin-when-cross-origin', 'unsafe-url'.
Warnings
gotcha The 'policy' option must be a string or an array of strings. If an array, only the first valid policy is used by some browsers. ↓
fix Pass a single policy string unless you intend fallback behavior (array).
gotcha Setting policy to an empty string or invalid value will default to 'no-referrer' silently. ↓
fix Always validate policy against the allowed values listed in the spec.
deprecated The 'policy' option default changed from 'no-referrer' to 'strict-origin-when-cross-origin'? Not applicable for this package; defaults to 'no-referrer'. ↓
fix Explicitly set policy to avoid ambiguity.
Install
npm install referrer-policy yarn add referrer-policy pnpm add referrer-policy Imports
- referrerPolicy wrong
const referrerPolicy = require('referrer-policy')correctimport referrerPolicy from 'referrer-policy' - referrerPolicy wrong
import { referrerPolicy } from 'referrer-policy'correctconst referrerPolicy = require('referrer-policy') - Default import (TypeScript) wrong
import * as referrerPolicy from 'referrer-policy'correctimport referrerPolicy from 'referrer-policy'
Quickstart
import express from 'express';
import referrerPolicy from 'referrer-policy';
const app = express();
app.use(referrerPolicy({ policy: 'same-origin' }));
// Sets Referrer-Policy: same-origin
app.listen(3000);