no-referrer-when-downgrade Origin, path, query in Referer when HTTP→HTTP, HTTP→HTTPS, HTTPS→HTTPS No Referer information when HTTPS→HTTP, HTTPS→file Referrer-Policy: origin Only Origin https://example.com/page.html >> https://example.com/ Referrer-Policy: origin-when-cross-origin Origin, path, query in Referer when a same-origin request to the same protocol Send origin (only) for cross origin requests and requests to less secure destinations. HTTP Strict Transport Security X-Frame-Options X-Content-Type-Options Referrer-Policy Content-Security-Policy