strict-origin-when-cross-origin (default)
Send the origin, path, and querystring when performing a same-origin request. For cross-origin requests send the origin (only) when the protocol security level stays same (HTTPS→HTTPS).
So no path is sent to the destination of a link over https - only the domain.
strict-origin-when-cross-origin (default) Send the origin, path, and querystring when performing a same-origin request. For cross-origin requests send the origin (only) when the protocol security level stays same (HTTPS→HTTPS).
So no path is sent to the destination of a link over https - only the domain.