When you follow a link from the Archive to another site or go to a page with the Twitter widget (e.g. a work), a header like the following is sent to that site:
The header contains the URL of the page you're coming from (or, in the case of Twitter, the page the widget is being loaded on – in other words, Twitter can tell what work you're accessing, and if you're logged in, that information is likely associated with your Twitter account).
To test, open your browser’s developer tools and check the response headers after navigating from one Archive page to another. The Referrer-Policy should say same-origin. (You may need to consult Google for instructions specific to your browser.)
When testing, we should also make sure the Twitter share widget on works is still functional, and we should also check that New Relic still contains referrer information.
Just to note, this may not be effective in all browsers yet, specifically Edge/IE and mobile Safari: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy But hopefully that will improve over time.
Twitter share on my work still works.
Caused a 500 error and checked New Relic. It correctly showed https://test.archiveofourown.org/collections/GEWithLargeTagSet/signups/new as the HTTP referrer.
Used the Resources tab in Safari 12.1.2’s developer tools to check the response headers after navigating from one Archive page to another. It said same-origin for Referrer-Policy.
The Twitter share button on each work still works.
New Relic for the test site still tracks referer for errors.
Using Chrome 77.0.3865.90, loaded a work on beta, checked the Twitter widget request:
From the work, followed a tag link. Same referer header.
Loaded a work on test:
From the work, followed a tag link.
Referer is kept if I stayed on the site, scrubbed if I left. Looks good.