Strict-origin-when-cross-origin Chrome |work| Jun 2026

While it often appears in the browser console alongside CORS (Cross-Origin Resource Sharing) errors, it is actually a separate privacy mechanism. A "strict-origin-when-cross-origin" message in the console usually just means the browser is reporting its current privacy policy, not necessarily failing a request. How to Change It

// Cross origin → Referer: only origin fetch('https://other-site.com/api'); strict-origin-when-cross-origin chrome