The Referrer Policy specification includes three policy values that Chrome doesn't yet implement.
- same-origin: Send full referrers same-origin, no referrers cross-origin.
- strict-origin: Strip referrers to the origin, but strip them when downgrading from HTTPS to HTTP.
- strict-origin-when-cross-origin: Send full referrers same-origin, and the origin when cross-origin, but strip referrers when downgrading from HTTPS to HTTP.
Changes to API surface:
Additional referrer policy values available in the existing Referrer-Policy header, `referrerpolicy` attribute, and <meta name="referrer" tag>
Public standards discussion: https://lists.w3.org/Archives/Public/public-webappsec/2016Mar/0085.html
Support in other browsers:
Internet Explorer: no signals
Safari: no signals