What is meant by cross-site here? Does it mean a different eTLD+1, or a different origin (as used by CORS)?
Specifically, if I make a request from https://www.example.com/path?query to https://api.example.com will the referer header contain the "/path?query"? or will that get blocked as well?
What is meant by cross-site here? Does it mean a different eTLD+1, or a different origin (as used by CORS)?
Specifically, if I make a request from https://www.example.com/path?query to https://api.example.com will the referer header contain the "/path?query"? or will that get blocked as well?