The Referrer Policy specification includes three policy values that Chrome doesn't yet implement. - same-origin: Send full referrers same-origin, no referrers cross-origin. - strict-origin: Strip referrers to the origin, but strip them when downgrading from HTTPS to HTTP. - strict-origin-when-cross-origin: Send full referrers same-origin, and the origin when cross-origin, but strip referrers when downgrading from HTTPS to HTTP.

Specification

Specification link


Specification being incubated in a Community Group

Status in Chromium

Blink>SecurityFeature


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Shipped/Shipping
  • No signal
  • Positive

Owners

Last updated on 2021-09-24