|
|
|
|
|
|
by londons_explore
1900 days ago
|
|
|
You're mistaken. MdN says: strict-origin-when-cross-origin (default)
Send the origin, path, and querystring when performing a same-origin request. For cross-origin requests send the origin (only) when the protocol security level stays same (HTTPS→HTTPS). So no path is sent to the destination of a link over https - only the domain. |
|
|
> Don't send the Referer header to less secure destinations (HTTPS→HTTP).
The referer header is still sent from HTTPS to HTTPS.