The default referrer policy is "no-referrer-when-downgrade", so it won't send a Referer header to a "less" secure destination (HTTPS -> HTTP), but it will send one to an "equally" secure destination (HTTPS -> HTTPS).
Websites can override this though. For example, HN could send a "no-referrer" directive to prevent any Referer header being sent.
Websites can override this though. For example, HN could send a "no-referrer" directive to prevent any Referer header being sent.
More information: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...