Bug 215163

I've tested how Safari sends a referrer for cross-site requests. The following post mentions that Safari sends a referrer downgraded to its origin for all cross-site requests. > ITP now downgrades all cross-site request referrer headers to just the page’s origin. https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/ So, I've tested with two sites that are created on glitch.me. glitch.me is registered in the Public Suffix List, so I guess that the referrer for a request between the two sites is its origin, not full URL. https://publicsuffix.org/list/public_suffix_list.dat But the Referer header was the full URL, not the origin. You can test it like this. - Navigate https://referrer-a.glitch.me/referrer-a - Open Network Panel - Click Navigate Referrer B - Check the Referer header for a request to https://referrer-b.glitch.me/referrer-b Expected Referer Header: https://referrer-a.glitch.me Actual Referer Header: https://referrer-a.glitch.me/referrer-a. The cross-site that the blog post mentioned is eTLD+1, isn't it? https://web.dev/same-site-same-origin/