<CALx_OUDegpk3dfzi2z4aZjt_d_wkJzrHz+wiFBf4grsKoWeTtQ@mail.gmail.com>
Current votes: None.
> It would be nice if this could be done orthogonally to rel="noreferrer", and > in a way that's link-specific instead of global to the whole page; for > example, <a rel="originreferrer">, <a rel="alwaysreferrer">. There is a fairly strong security benefit of policing it on document- or even origin-level: it's exceedingly easy to miss an outgoing link or a Referer-sending subresource (including <img>, <iframe>, <link rel=...>) otherwise. It's roughly the same reason why we have CSP, even though policing the markup is theoretically possible without it. /mz