To better understand the impact, here is how it compares to other common policies:
(Use caution when setting less strict policies like unsafe-url , as you risk leaking user data.) strict-origin-when-cross-origin chrome
If a page sends Referrer-Policy: unsafe-url , Chrome ignores strict-origin-when-cross-origin for that request. To better understand the impact, here is how
If a user navigates within the same site (matching scheme, domain, and port), Chrome sends the full URL including the path and query parameters. To better understand the impact
This is useful for analytics and debugging within your own site, as you can see exactly which internal page led the user to their current location.