Strip out referers from script src

The answers from 2013 are obsolete: you can do it by setting a referrer policy on your webpage. For example, if you have

<meta name="referrer" content="origin">

on your page, then any <script src="..."> resources fetched from that page (after that line) will send only the origin and not the full URL. Other options include "no-referrer".

See http://caniuse.com/#feat=referrer-policy for status of adoption by browsers: as of Sep 2016 it's supported by most major non-IE browsers. This older blog post on the Mozilla Security blog may be worth reading if you prefer not to read the standard.

You would have to proxy the request for the script through your own server. For example:

<script src="stripreferrer.php?url=http%3A%2F%2Fthirdparty.com%2Ftest.js"></script>

Then, your server-side code would make the HTTP request sans referrer code, and pass the response to the client.