Yes, it’s a unique for each site which makes webauthn extremely phishing resistant. Even on look alike domains the origin doesn’t match and your phone has nothing to send.