HTTP requests may include the optional Referer header, which indicates the origin or web page URL the request was made from. The Referrer-Policy header defines what data is made available in the Referer header and, for navigations and iframes, in the destination’s document.referrer.
This means that if no policy is set for your website, Chrome will use strict-origin-when-cross-origin by default. Note that you can still set a policy of your choice; this change only affects websites that have no policy set.
What does this change mean?
strict-origin-when-cross-origin offers more privacy. With this policy, only the origin is sent in the Referer header of cross-origin requests. This prevents leaks of private data that may be accessible from other parts of the full URL, such as the path and query string.
No Referrer When Downgrade
The no-referrer-when-downgrade referrer policy will pass your entire URL, including the web page URL, to the destination page. However, it will not send any URL information if the link is to an insecure URL.
no-referrer-when-downgrade is useful because it keeps data from being leaked through an insecure link, but it still shows the full URL of the referring site. This is often useful for edge cases where there is a reason you would like to pass the full website URL.
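The difference between the two policies, as an added example that is not part of the original page: the function below computes the Referer value sent for a given policy, referring page and destination. The function names and the example.* URLs are constructed for illustration, "downgrade" is simplified to HTTPS-to-non-HTTPS, and the same-origin and downgrade cases for strict-origin-when-cross-origin go beyond what the text above states.

```javascript
// Simplified downgrade test: secure page requesting an insecure destination.
function isDowngrade(from, to) {
  return from.protocol === 'https:' && to.protocol !== 'https:';
}

// Returns the Referer value for the request, or null if no header is sent.
function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Credentials and the fragment are never included in a referrer.
  from.username = '';
  from.password = '';
  from.hash = '';
  const fullUrl = from.href;            // origin + path + query string
  const originOnly = from.origin + '/'; // scheme, host and port only

  switch (policy) {
    case 'no-referrer-when-downgrade':
      return isDowngrade(from, to) ? null : fullUrl;
    case 'strict-origin-when-cross-origin':
      if (from.origin === to.origin) return fullUrl;
      return isDowngrade(from, to) ? null : originOnly;
    default:
      throw new Error('policy not covered by this example: ' + policy);
  }
}

// Constructed sample: a page whose query string carries a sensitive token.
const PAGE = 'https://shop.example/account/reset?token=abc123#form';
const DESTINATIONS = [
  'https://shop.example/static/app.js', // same origin
  'https://cdn.example/lib.js',         // cross-origin, still HTTPS
  'http://legacy.example/pixel.gif',    // cross-origin, insecure (downgrade)
];

// Build one row per destination showing what each policy would expose.
function comparePolicies(page, destinations) {
  return destinations.map((dest) => ({
    destination: dest,
    'no-referrer-when-downgrade': refererFor('no-referrer-when-downgrade', page, dest),
    'strict-origin-when-cross-origin': refererFor('strict-origin-when-cross-origin', page, dest),
  }));
}

console.table(comparePolicies(PAGE, DESTINATIONS));
```

The cross-origin HTTPS row is where the policies differ: the older policy hands the token in the query string to the third party, while the Chrome default sends only the origin.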