Referrer Spoofing

Top-level navigations:

• same-origin navigation (should be untouched)
• cross-origin navigation (should be trimmed to https://fmarier.github.io/)
• cross-origin HTTP navigation (should be blank)

Form-submission:

(should be trimmed to https://fmarier.github.io/)
(should be blank)
• same-origin submission

iframe navigations:

• same-origin navigation:
  
  (should be untouched)
• cross-origin navigation:
  
  (should be trimmed to https://fmarier.github.io/)
• cross-origin navigation (redirected via meta):
  
  (should be trimmed to https://fmarier.github.io/)
• cross-origin navigation (redirected via an insecure 301):
  
  (should be blank)
• cross-origin navigation:
  
  (should be trimmed to https://fmarier.github.io/)

More redirection-based and same-site tests.