(HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. Meaning all communications between your browser and the website are encrypted.


When traffic passes from a secure HTTPS site to a non-secure HTTP site, the referral data gets stripped away. Instead of these visits being documented as Organic traffic (Visitors referred by an unpaid search engine listing, e.g. Google search), this data is being documented as Direct traffic (Visitors who visited the site by typing the URL directly into their browser, bookmarks/favorites, untagged links within emails, or links that don't include tracking variables). This will ultimately skew analytic reporting when it comes down to comparing the levels of traffic coming to your HTTP site.

The main advantage for referral data is that most often, marketers will visit the site that that is sending traffic and showing up in their analytics data. As marketers, this valuable information provides increased visibility on where visitors are coming from. 


A meta referrer tag aims to securely pass information for a marketers analytical purposes. It’s important to note that the receiver of the referral data has no control of how much or how little the HTTPS site wishes to share. Instead, traffic remains encrypted and secure for HTTPS websites, and the meta referrer tag works with browsers to pass referrer information in a way defined by the user.

So why should HTTPS websites “offer up” more information to other non HTTP websites? There is one obvious answer for that: it keeps information flowing on the Internet! It encourages engagement, communication, and even linking in some cases, which can lead to improvements in SEO. Although this tag has been around for a few years, most marketers have yet to know this this tag exists.


The meta referrer tag is placed in the <head> section of your HTML, and references one of five states, which control how browsers send referrer information from your site. The five states are:

None: Never pass referral data


None When Downgrade: Sends referrer information to secure HTTPS sites, but not insecure HTTP sites


Origin Only: Sends the scheme, host, and port (basically, the subdomain) stripped of the full URL as a referrer, i.e. https://augustash.com/example.html would simply send https://augustash.com


Origin When Cross-Origin: Sends the full URL as the referrer when the target has the same scheme, host, and port (i.e. subdomain) regardless if it's HTTP or HTTPS, while sending origin-only referral information to external sites. (note: There is a typo in the official spec. Future versions should be "origin-when-cross-origin")


Unsafe URL: Always passes the URL string as a referrer. Note if you have any sensitive information contained in your URL, this isn't the safest option. By default, URL fragments, username, and password are automatically stripped out.


Have any questions? We would love to hear from you