Why public google user content images return 403

Published on Sunday, January 9, 2022

When using Google as your OIDC provider you can ask for the picture claim which contains the user's profile picture. It's usually a url like this:


I wanted to show the user profile in an <img> tag, but Google was responding with 403. I searched around for an answer and I stumbled upon this stackoverflow answer which had the solution:

<img src="https://lh3.googleusercontent.com/erjNVzk6nPUaUZuOTg2ObT12EzWWIokbuRdyuTkxRGR1nXQ5vhYk34twIt05FmaBNt7_yB3J" referrerpolicy="no-referrer">

By setting the referrerpolicy attribute to no-referrer, the browser will not send the referrer header and this seems to solve the issue.

comments powered by Disqus