This is the user agent's default behavior if no policy is specified. Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (e.g. HTTPS→HTTPS), and send no header to a less secure destination (e.g. HTTPS→HTTP).
| strict-origin-when-cross-origin | Sends the origin if the protocol security level stays the same or is higher (HTTP to HTTP, HTTPS to HTTPS, and HTTP to HTTPS is ok). Sends nothing to less secure level (HTTPS to HTTP) |
<script src="myscripts.js" referrerpolicy="strict-origin-when-cross-origin"></script>Type: | html |
Category: | Web Tutorial |
Sub Category: | HTML Tag |
Uploaded by: | Admin |