docs: hero referrer fix done — referrerpolicy now consistent across all remote images

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
jay
2026-06-30 14:38:53 -04:00
parent 4d2f5e3703
commit d79c52dab4
+7 -6
@@ -68,9 +68,10 @@ bots. Compare `d7` after a full week, `d30` after thirty days. (Admin shows this
Privacy unchanged: only a salted `visitor_hash` is stored (no IP, no raw token, no fingerprint).
### Optional (not done) — homepage hero referrer
For `remote` images, article cards and the share page use `<img referrerpolicy="no-referrer">`, so
the publisher CDN doesn't get the referring URL. The homepage hero (`.news-plate`) is a CSS
`background-image`, which can't carry that policy, so it leaks the referrer (not the IP — that's
unavoidable for any remote image). Converting the hero to a real `<img referrerpolicy="no-referrer">`
would make it consistent. Deferred pending an owner decision (touches the cover/contain hero rendering).
### Referrer suppression on remote images
Every on-site image request for a `remote` source sets `referrerpolicy="no-referrer"` so the
publisher CDN doesn't get the referring URL: article cards, the share page, AND the homepage hero
(converted from a CSS `background-image` to a real `<img>` — the retry probe sets
`probe.referrerPolicy='no-referrer'` too). This hides the *referrer*, **not** the visitor's IP —
any remote image necessarily exposes the IP to the CDN. For zero third-party image requests, the
source must be `none` or explicitly cleared for local caching (`cache`).
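Review bot: The opening sentence of the new "Referrer suppression on remote images" section claims that every on-site image request for a `remote` source sets `referrerpolicy="no-referrer"`, but the parenthetical lists only three surfaces (article cards, the share page, the homepage hero) plus the retry probe, and the removed paragraph shows that a CSS `background-image` cannot carry the attribute at all. Either scope the claim to the listed surfaces or say how a future `background-image` or scripted image load would be caught, since nothing in this section states that a page-level referrer policy backs up the per-element attribute. The removed text also flagged that converting the hero touches the cover/contain rendering and was pending an owner decision; the new text should record that the decision was made and how the cover/contain behaviour is preserved on the `<img>`. The closing sentence is ambiguous as worded; consider "the source must be `none`, or `cache` once explicitly cleared for local caching".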