From 6f4b03f4cbff0cad7f17595d29baaab0d34ef36d Mon Sep 17 00:00:00 2001
From: Florian Scholz
Date: Thu, 11 Jul 2024 16:47:42 +0200
Subject: [PATCH] Remove obsolete CSP referrer directive
---
 files/en-us/_redirects.txt | 1 +
 files/en-us/_wikihistory.json | 4 --
 .../headers/content-security-policy/index.md | 3 -
 .../content-security-policy/referrer/index.md | 66 -------------------
 files/en-us/web/http/headers/referer/index.md | 1 -
 .../web/http/headers/referrer-policy/index.md | 1 -
 6 files changed, 1 insertion(+), 75 deletions(-)
 delete mode 100644 files/en-us/web/http/headers/content-security-policy/referrer/index.md
diff --git a/files/en-us/_redirects.txt b/files/en-us/_redirects.txt
index 20cf7f794226e7e..ae0b79dec073657 100644
--- a/files/en-us/_redirects.txt
+++ b/files/en-us/_redirects.txt
@@ -12306,6 +12306,7 @@
 /en-US/docs/Web/HTTP/HTTP_response_codes /en-US/docs/Web/HTTP/Status
 /en-US/docs/Web/HTTP/Headers/Cache-Disposition /en-US/docs/Web/HTTP/Headers/Content-Disposition
 /en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to /en-US/docs/Web/HTTP/Headers/Content-Security-Policy
+/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/referrer /en-US/docs/Web/HTTP/Headers/Referrer-Policy
 /en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-sri-for /en-US/docs/Web/HTTP/Headers/Content-Security-Policy
 /en-US/docs/Web/HTTP/Headers/Cookie2 /en-US/docs/Web/HTTP/Headers/Cookie
 /en-US/docs/Web/HTTP/Headers/Feature-Policy /en-US/docs/Web/HTTP/Headers/Permissions-Policy
diff --git a/files/en-us/_wikihistory.json b/files/en-us/_wikihistory.json
index 6bd8b8c3eb99cd7..209e5b195a7e9c9 100644
--- a/files/en-us/_wikihistory.json
+++ b/files/en-us/_wikihistory.json
@@ -99743,10 +99743,6 @@
 "modified": "2020-10-15T22:21:20.756Z",
 "contributors": ["mfuji09", "bershanskiy"]
 },
- "Web/HTTP/Headers/Content-Security-Policy/referrer": {
- "modified": "2020-10-15T21:50:39.723Z",
- "contributors": ["bershanskiy", "Sheppy", "infuerno", "fscholz", "teoli"]
- },
 "Web/HTTP/Headers/Content-Security-Policy/report-to": {
 "modified": "2020-10-15T22:03:06.085Z",
 "contributors": [
diff --git a/files/en-us/web/http/headers/content-security-policy/index.md b/files/en-us/web/http/headers/content-security-policy/index.md
index 7999c131fe63625..779cb8735efcbb7 100644
--- a/files/en-us/web/http/headers/content-security-policy/index.md
+++ b/files/en-us/web/http/headers/content-security-policy/index.md
@@ -170,9 +170,6 @@ Reporting directives control the reporting process of CSP violations. See also t
 - {{CSP("block-all-mixed-content")}} {{deprecated_inline}}
 - : Prevents loading any assets using HTTP when the page is loaded using HTTPS.
-- {{CSP("referrer")}} {{deprecated_inline}} {{non-standard_inline}}
- - : Used to specify information in the [Referer](/en-US/docs/Web/HTTP/Headers/Referer) (sic) header for links away
- from a page. Use the {{HTTPHeader("Referrer-Policy")}} header instead.
 ## Values
diff --git a/files/en-us/web/http/headers/content-security-policy/referrer/index.md b/files/en-us/web/http/headers/content-security-policy/referrer/index.md
deleted file mode 100644
index 4dce998bf382e0c..000000000000000
--- a/files/en-us/web/http/headers/content-security-policy/referrer/index.md
+++ /dev/null
@@ -1,66 +0,0 @@
----
-title: "CSP: referrer"
-slug: Web/HTTP/Headers/Content-Security-Policy/referrer
-page-type: http-csp-directive
-status:
- - deprecated
- - non-standard
-browser-compat: http.headers.Content-Security-Policy.referrer
----
-
-{{HTTPSidebar}} {{deprecated_header}}{{Non-standard_header}}
-
-The HTTP {{HTTPHeader("Content-Security-Policy")}} (CSP)
-**`referrer`** directive used to specify information in the
-{{HTTPHeader("Referer")}} header (with a single `r` as this was a typo in the
-original spec) for links away from a page. This API is deprecated and removed from
-browsers.
-
-> **Note:** Use the {{HTTPHeader("Referrer-Policy")}} header instead.
-
-## Syntax
-
-```http
-Content-Security-Policy: referrer ;
-```
-
-where `` can be one of the following values:
-
-- "no-referrer"
- - : The {{HTTPHeader("Referer")}} header will be omitted entirely. No referrer
- information is sent along with requests.
-- "none-when-downgrade"
- - : This is the user agent's default behavior if no policy is specified. The origin is
- sent as referrer to a-priori as-much-secure destination (HTTPS->HTTPS), but isn't
- sent to a less secure destination (HTTPS->HTTP).
-- "origin"
- - : Only send the origin of the document as the referrer in all cases.
- The document `https://example.com/page.html` will send the referrer
- `https://example.com/`.
-- "origin-when-cross-origin" / "origin-when-crossorigin"
- - : Send a full URL when performing a same-origin request, but only send the origin of
- the document for other cases.
-- "unsafe-url"
- - : Send a full URL (stripped from parameters) when performing a same-origin or
- cross-origin request. This policy will leak origins and paths from TLS-protected
- resources to insecure origins. Carefully consider the impact of this setting.
-
-## Examples
-
-```http
-Content-Security-Policy: referrer "none";
-```
-
-## Specifications
-
-Not part of any specification.
-
-## Browser compatibility
-
-{{Compat}}
-
-## See also
-
-- {{HTTPHeader("Content-Security-Policy")}}
-- {{HTTPHeader("Referrer-Policy")}} header
-- {{HTTPHeader("Referer")}} header
diff --git a/files/en-us/web/http/headers/referer/index.md b/files/en-us/web/http/headers/referer/index.md
index 6cc46a9b1f014e6..4afe1c79f3ebc96 100644
--- a/files/en-us/web/http/headers/referer/index.md
+++ b/files/en-us/web/http/headers/referer/index.md
@@ -69,6 +69,5 @@ Referer: https://example.com/
 - [HTTP referer on Wikipedia](https://en.wikipedia.org/wiki/HTTP_referer)
 - [Fetch](/en-US/docs/Web/API/Fetch_API): {{domxref("Request.referrerPolicy")}}
-- The obsolete {{HTTPHeader("Content-Security-Policy")}} {{HTTPHeader("Content-Security-Policy/referrer", "referrer")}} {{deprecated_inline}} directive.
 - [Same-origin policy](/en-US/docs/Web/Security/Same-origin_policy)
 - [Tighter Control Over Your Referrers – Mozilla Security Blog](https://blog.mozilla.org/security/2015/01/21/meta-referrer/)
diff --git a/files/en-us/web/http/headers/referrer-policy/index.md b/files/en-us/web/http/headers/referrer-policy/index.md
index 67a71d8912c2bf3..701f4df33e9efb4 100644
--- a/files/en-us/web/http/headers/referrer-policy/index.md
+++ b/files/en-us/web/http/headers/referrer-policy/index.md
@@ -188,6 +188,5 @@ All of these settings take the same set of values: `0 = no-referrer`, `1 = same-
 - [Web security > Referer header: privacy and security concerns](/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns)
 - [HTTP referer on Wikipedia](https://en.wikipedia.org/wiki/HTTP_referer)
 - When using [Fetch](/en-US/docs/Web/API/Fetch_API): {{domxref("Request.referrerPolicy")}}
-- The obsolete {{HTTPHeader("Content-Security-Policy")}}'s {{HTTPHeader("Content-Security-Policy/referrer", "referrer")}} {{deprecated_inline}} directive.
 - [Same-origin policy](/en-US/docs/Web/Security/Same-origin_policy)
 - [Tighter Control Over Your Referrers – Mozilla Security Blog](https://blog.mozilla.org/security/2015/01/21/meta-referrer/)