meta referrer

Controls how much referrer information the browser sends when users click links from your page to other sites.

The referrer policy controls what is sent in the HTTP Referer header when a user navigates from your page to another URL. This affects: your analytics data from other sites (do they see your URL as the referrer?), privacy (do external sites see your full URL?), and how clicks from your pages appear in Google Analytics on the destination site.

The default browser behaviour (no-referrer-when-downgrade) sends the full URL as the referrer for HTTPS-to-HTTPS navigation, but strips it for HTTPS-to-HTTP. Common values: "no-referrer" (never send referrer), "origin" (send only the domain, not the full URL), "strict-origin-when-cross-origin" (the Fetch spec default — full URL for same-origin, only origin for cross-origin, nothing for downgrade).

For most sites, the default policy is fine. Set a stricter policy only if your URLs contain sensitive parameters (user IDs, session tokens) that you do not want shared with external sites.