Strict-origin-when-cross-origin Chrome [patched] May 2026

<meta name="referrer" content="strict-origin-when-cross-origin">

Referrer-Policy: strict-origin-when-cross-origin As of Chrome 120+, strict-origin-when-cross-origin remains the default. The newer ReferrerPolicy enum (in Fetch spec) treats it as the recommended "safe" default for most sites. No planned changes to remove or alter it as of 2026. Bottom line: In Chrome, this policy gives you same-origin path visibility, cross-origin origin-only visibility, and zero referrer on protocol downgrade — the safest practical default. strict-origin-when-cross-origin chrome