Referrer policies 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin'

The Referrer Policy specification includes three policy values that Chrome doesn't yet implement. - same-origin: Send full referrers same-origin, no referrers cross-origin. - strict-origin: Strip referrers to the origin, but strip them when downgrading from HTTPS to HTTP. - strict-origin-when-cross-origin: Send full referrers same-origin, and the origin when cross-origin, but strip referrers when downgrading from HTTPS to HTTP.

Specification

Editor's draft

Status in Chromium

Blink>SecurityFeature


Enabled by default (tracking bug) in:

  • Chrome for desktop release 61
  • Chrome for Android release 61
  • Android WebView release 61

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Shipped
  • No public signals
  • No public signals
  • Positive

Owners

Last updated on 2017-06-22