Edge does not support latest META REFERRER tokens

Issue #7119603 • Assigned to Travis L.


Eric L.
Apr 5, 2016
This issue is public.
Found in
  • Microsoft Edge
Standard affected
Referrer Policy

Found in build #
Reported by 5 people

Sign in to watch or report this issue.

Steps to reproduce

The Referrer Policy specification evolved since its implementation in Edge. As a consequence (and as shown on http://caniuse.com/#search=referrer), Edge lack support for the ‘origin-when-cross-origin’ and ‘unsafe-url’ tokens.
Per the spec: “Note: Authors are encouraged to avoid the legacy keywords never, default, and always. The keywords no-referrer, no-referrer-when-downgrade, and unsafe-url respectively are preferred.”
Test Pages:


2 attachments

Comments and activity

  • Microsoft Edge Team

    Changed Assigned To to “Travis L.”

  • Current Meta Referrer values supported by Edge:
    default, never, origin, always

    Should be updated to align with W3C Spec Values:
    origin, no-referrer, no-referrer-when-downgrade, origin-when-crossorigin, and unsafe-URL

    You can repro / check what meta ref is being passed with https://www.whatismyreferer.com/

  • It’s not “Edge” when it’s so far behind.

    This feature should be supported by both and HTTP header Security-Policy: .

  • I would like to add something very important. Edge does not support the referrer-policy attribute either, all the other browsers are fully supporting this: https://www.w3.org/TR/referrer-policy/#referrer-policy-delivery-referrer-attribute - this feature allow setting different referrer policies per element (for example I’d like to pass on the referrer data for some URLs but not for all).

  • IE don’t support this feature now.

  • Security vulnerabilities with Microsoft and non-Microsoft web sites that are mitigated by meta referrer with options from the current spec are not mitigated for users of Edge and IE 11 because Edge and IE 11 are far behind Chrome and Firefox in supporting this spec.

You need to sign in to your Microsoft account to add a comment.

Sign in