Google Chrome recently introduced (with version 85) a default no-referrer policy for all cross origin traffic if the website has not declared a policy. We expect other browsers, especially those based on Chromium (Edge, Opera, Vivaldi, Brave, etc), to follow suit.
Most browsers by default won’t send the referrer when the user moves from HTTPS to HTTP, but now Chrome will not send the referrer if the user moves between different HTTPS sites unless the originating site explicitly declares that it should.
If you are using a referrer along with a version of chrome 85 or above and if you are able to access content in another non-chrome browser, you have a few options:
- Continue to choose to use a different browser
- Choose a different authentication method
- Talk to your website provider and request to have the appropriate referrer policy on your site
If you are seeing this in browsers other than Chrome, it could be that your website has an explicit no-referrer policy, or a policy that doesn't allow Springer Nature to see the whole URL. This would prevent referrer authentication working in any browser.
The page on which you have a link to our content MUST contain an explicit referrer policy in the html which allows us to see the full URL of the referring page.
If no policy is set, users on Chrome v85 and above will default to "strict-origin-when-cross-origin" and we will be unable to authenticate them.
Similarly, if a policy has been set, but it is one that doesn't allow us to see the full URL path then we may not be able to authenticate your users.
Links to further reading:
Chrome's new browser referrer policy.
Information on the different referrer policies that can be set.