
Add a note about same-origin as a referrer policy.

Open coderanger opened this issue 2 years ago • 2 comments

coderanger Jun 03 '21 02:06

Any objections to this?

coderanger Sep 17 '21 21:09

Thank goodness MDN provides an example table to look up the various policies and how they behave ;) Seems sensible enough to me, though I'd encourage pinging someone with more awareness of CSRF & all the security jazz to double-triple-check this is the right policy to recommend in such cases.

TBH I feel like the whole admonition could do with a bit of a rewording, because it's essentially "you might think you want to do this, but don't" but phrased in an encouraging way that initially suggests you should do them...

kezabelle Sep 18 '21 09:09

@coderanger Do you have time to keep working on this?

felixxm Feb 23 '23 07:02

Closing due to inactivity.

felixxm Mar 15 '23 12:03