You're right! I'm on Firefox and I just figured out how to test it and it seems Lemmy's web UI thing sets the referrer policy to same-origin which means no referrer information is sent when navigating to a different domain.
But my copy of Firefox's default referrer policy is set to strict-origin-when-cross-origin so it would have sent "https://hexbear.net" if the referrer policy was not set.
My bad, I should have checked first to be sure. I would hate to be a web developer lol
Weird, I tested it by clicking the lemmy.ml link and didn't see a referer header in the request headers.
You're right! I'm on Firefox and I just figured out how to test it and it seems Lemmy's web UI thing sets the referrer policy to
same-originwhich means no referrer information is sent when navigating to a different domain.But my copy of Firefox's default referrer policy is set to
strict-origin-when-cross-originso it would have sent "https://hexbear.net" if the referrer policy was not set.My bad, I should have checked first to be sure. I would hate to be a web developer lol
Just a nightmare interaction of various RFCs and their consequences.