Bug 1506336 [wpt PR 14012] - Add referrer-policy module worker tests, a=testonly
authorHiroshige Hayashizaki <hiroshige@chromium.org>
Sat, 24 Nov 2018 10:28:24 +0000
changeset 507242 f7c412366d16e3a5d93aa2a249c9bf3f97ff841a
parent 507240 e13ba7026e77deebda6fbfa1518709e24f6846e5
child 507243 823f8312186515b6e7a6860306bb8d1f8e838cc8
push id1905
push userffxbld-merge
push dateMon, 21 Jan 2019 12:33:13 +0000
treeherdermozilla-release@c2fca1944d8c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1506336, 14012, 880027, 1330906, 609589
milestone65.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1506336 [wpt PR 14012] - Add referrer-policy module worker tests, a=testonly Automatic update from web-platform-testsAdd referrer-policy module worker tests This CL adds WPT tests for referrer policy applied to module worker top-level script fetch. The only manual changes are - referrer-policy/generic/common.js - referrer-policy/generic/referrer-policy-test-case.js - referrer-policy/spec.src.json and all other modifications are made by referrer-policy/generic/tools/generate.py. Bug: 880027 Change-Id: Ib1f9136161e8efacf317fb9b7e9ba0651a103c41 Reviewed-on: https://chromium-review.googlesource.com/c/1330906 Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org> Reviewed-by: Jochen Eisinger <jochen@chromium.org> Commit-Queue: Hiroshige Hayashizaki <hiroshige@chromium.org> Cr-Commit-Position: refs/heads/master@{#609589} -- wpt-commits: 3557c530a5e8893d66ff9a381f595785c2fd299a wpt-pr: 14012
testing/web-platform/tests/referrer-policy/generic/common.js
testing/web-platform/tests/referrer-policy/generic/referrer-policy-test-case.js
testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html.headers
testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html.headers
testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html.headers
testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html.headers
testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/module-worker/no-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html
testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html.headers
testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html
testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html.headers
testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html
testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html
testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html.headers
testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html.headers
testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html
testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html.headers
testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html
testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html.headers
testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html
testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html
testing/web-platform/tests/referrer-policy/spec.src.json
testing/web-platform/tests/referrer-policy/spec_json.js
testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-insecure.http.html
testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-insecure.http.html.headers
testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-insecure.http.html
testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-insecure.http.html.headers
testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/same-insecure.http.html
testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/same-insecure.http.html
testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html.headers
testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html.headers
testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html.headers
testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html.headers
testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/module-worker/no-redirect/generic.http.html
testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
--- a/testing/web-platform/tests/referrer-policy/generic/common.js
+++ b/testing/web-platform/tests/referrer-policy/generic/common.js
@@ -174,16 +174,24 @@ function queryXhr(url, callback) {
 function queryWorker(url, callback) {
   var worker = new Worker(url);
   worker.onmessage = function(event) {
     var server_data = event.data;
     callback(wrapResult(url, server_data), url);
   };
 }
 
+function queryModuleWorkerTopLevel(url, callback) {
+  var worker = new Worker(url, {type: "module"});
+  worker.onmessage = function(event) {
+    var server_data = event.data;
+    callback(wrapResult(url, server_data), url);
+  };
+}
+
 function queryFetch(url, callback) {
   fetch(url).then(function(response) {
       response.json().then(function(server_data) {
         callback(wrapResult(url, server_data), url);
       });
     }
   );
 }
--- a/testing/web-platform/tests/referrer-policy/generic/referrer-policy-test-case.js
+++ b/testing/web-platform/tests/referrer-policy/generic/referrer-policy-test-case.js
@@ -16,16 +16,17 @@ function ReferrerPolicyTestCase(scenario
   var subresourceInvoker = {
     "a-tag": queryLink,
     "area-tag": queryAreaLink,
     "fetch-request": queryFetch,
     "iframe-tag": queryIframe,
     "img-tag":  queryImage,
     "script-tag": queryScript,
     "worker-request": queryWorker,
+    "module-worker": queryModuleWorkerTopLevel,
     "xhr-request": queryXhr
   };
 
   var referrerUrlResolver = {
     "omitted": function() {
       return undefined;
     },
     "origin": function() {
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "no-referrer-when-downgrade",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "no-referrer-when-downgrade",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer-when-downgrade
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <meta name="referrer" content="no-referrer-when-downgrade">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "no-referrer-when-downgrade",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer-when-downgrade/meta-referrer/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer-when-downgrade'</title>
+    <meta name="description" content="Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information.">
+    <meta name="referrer" content="no-referrer-when-downgrade">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "no-referrer-when-downgrade",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+    <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "no-referrer",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+    <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "no-referrer",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: no-referrer
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+    <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+    <meta name="referrer" content="no-referrer">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "no-referrer",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/no-referrer/meta-referrer/same-origin/http-http/module-worker/no-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'no-referrer'</title>
+    <meta name="description" content="Check that sub-resource never gets the referrer URL.">
+    <meta name="referrer" content="no-referrer">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "no-referrer",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "origin-when-cross-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "origin-when-cross-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin-when-cross-origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="origin-when-cross-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "origin-when-cross-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin-when-cross-origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'origin-when-cross-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="origin-when-cross-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "origin-when-cross-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+    <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+    <meta name="assert" content="The referrer URL is origin when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "origin"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+    <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+    <meta name="assert" content="The referrer URL is origin when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "origin"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+    <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+    <meta name="referrer" content="origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+    <meta name="assert" content="The referrer URL is origin when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "origin"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'origin'</title>
+    <meta name="description" content="Check that all subresources in all casses get only the origin portion of the referrer URL.">
+    <meta name="referrer" content="origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin">
+    <meta name="assert" content="The referrer URL is origin when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "origin"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/same-origin-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/same-origin-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
--- a/testing/web-platform/tests/referrer-policy/spec.src.json
+++ b/testing/web-platform/tests/referrer-policy/spec.src.json
@@ -450,28 +450,34 @@
     {
       "name": "cross-origin-workers",
       "expansion": "*",
       "source_protocol": "*",
       "target_protocol": "*",
       "redirection": "*",
       "delivery_method": "*",
       "origin": "cross-origin",
-      "subresource": "worker-request",
+      "subresource": [
+        "worker-request",
+        "module-worker"
+      ],
       "referrer_url": "*"
     },
     {
       "name": "upgraded-protocol-workers",
       "expansion": "*",
       "source_protocol": "http",
       "target_protocol": "https",
       "delivery_method": "*",
       "redirection": "*",
       "origin": "*",
-      "subresource": "worker-request",
+      "subresource": [
+        "worker-request",
+        "module-worker"
+      ],
       "referrer_url": "*"
     },
     {
       "name": "mixed-content-insecure-subresources",
       "expansion": "*",
       "source_protocol": "https",
       "target_protocol": "http",
       "delivery_method": "*",
@@ -486,16 +492,17 @@
       "source_protocol": "*",
       "target_protocol": "*",
       "delivery_method": ["attr-referrer"],
       "redirection": "*",
       "origin": "*",
       "subresource": [
         "xhr-request",
         "worker-request",
+        "module-worker",
         "fetch-request"
       ],
       "referrer_url": "*"
     },
     {
       "name": "elements-not-supporting-rel-noreferrer",
       "expansion": "*",
       "source_protocol": "*",
@@ -504,16 +511,17 @@
       "redirection": "*",
       "origin": "*",
       "subresource": [
         "iframe-tag",
         "img-tag",
         "script-tag",
         "xhr-request",
         "worker-request",
+        "module-worker",
         "fetch-request",
         "area-tag"
       ],
       "referrer_url": "*"
     },
     {
       "name": "area-tag",
       "expansion": "*",
@@ -528,17 +536,20 @@
     {
       "name": "worker-requests-with-swap-origin-redirect",
       "expansion": "*",
       "source_protocol": "*",
       "target_protocol": "*",
       "delivery_method": "*",
       "redirection": "swap-origin-redirect",
       "origin": "*",
-      "subresource": ["worker-request"],
+      "subresource": [
+        "worker-request",
+        "module-worker"
+      ],
       "referrer_url": "*"
     },
     {
       "name": "overhead-for-redirection",
       "expansion": "*",
       "source_protocol": "*",
       "target_protocol": "*",
       "delivery_method": "*",
@@ -609,16 +620,17 @@
     "subresource": [
       "iframe-tag",
       "img-tag",
       "script-tag",
       "a-tag",
       "area-tag",
       "xhr-request",
       "worker-request",
+      "module-worker",
       "fetch-request"
     ],
 
     "referrer_url": [
       "omitted",
       "origin",
       "stripped-referrer"
     ]
@@ -627,11 +639,12 @@
   "subresource_path": {
     "a-tag": "/referrer-policy/generic/subresource/document.py",
     "area-tag": "/referrer-policy/generic/subresource/document.py",
     "fetch-request": "/referrer-policy/generic/subresource/xhr.py",
     "iframe-tag": "/referrer-policy/generic/subresource/document.py",
     "img-tag": "/referrer-policy/generic/subresource/image.py",
     "script-tag": "/referrer-policy/generic/subresource/script.py",
     "worker-request": "/referrer-policy/generic/subresource/worker.py",
+    "module-worker": "/referrer-policy/generic/subresource/worker.py",
     "xhr-request": "/referrer-policy/generic/subresource/xhr.py"
   }
 }
--- a/testing/web-platform/tests/referrer-policy/spec_json.js
+++ b/testing/web-platform/tests/referrer-policy/spec_json.js
@@ -1,1 +1,1 @@
-var SPEC_JSON = {"subresource_path": {"img-tag": "/referrer-policy/generic/subresource/image.py", "fetch-request": "/referrer-policy/generic/subresource/xhr.py", "a-tag": "/referrer-policy/generic/subresource/document.py", "area-tag": "/referrer-policy/generic/subresource/document.py", "iframe-tag": "/referrer-policy/generic/subresource/document.py", "xhr-request": "/referrer-policy/generic/subresource/xhr.py", "worker-request": "/referrer-policy/generic/subresource/worker.py", "script-tag": "/referrer-policy/generic/subresource/script.py"}, "test_expansion_schema": {"origin": ["same-origin", "cross-origin"], "subresource": ["iframe-tag", "img-tag", "script-tag", "a-tag", "area-tag", "xhr-request", "worker-request", "fetch-request"], "target_protocol": ["http", "https"], "expansion": ["default", "override"], "delivery_method": ["http-rp", "meta-referrer", "attr-referrer", "rel-noreferrer"], "redirection": ["no-redirect", "keep-origin-redirect", "swap-origin-redirect"], "referrer_url": ["omitted", "origin", "stripped-referrer"], "source_protocol": ["http", "https"]}, "specification": [{"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policies", "referrer_policy": null, "title": "Referrer Policy is not explicitly defined", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}], "name": "unset-referrer-policy", "description": "Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer", "referrer_policy": "no-referrer", "title": "Referrer Policy is set to 'no-referrer'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}], "name": "no-referrer", "description": "Check that sub-resource never gets the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade", "referrer_policy": "no-referrer-when-downgrade", "title": "Referrer Policy is set to 'no-referrer-when-downgrade'", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}], "name": "no-referrer-when-downgrade", "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin", "referrer_policy": "origin", "title": "Referrer Policy is set to 'origin'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin", "description": "Check that all subresources in all casses get only the origin portion of the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin", "referrer_policy": "same-origin", "title": "Referrer Policy is set to 'same-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-secure-default", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "*", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-origin", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}], "name": "same-origin", "description": "Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin", "referrer_policy": "origin-when-cross-origin", "title": "Referrer Policy is set to 'origin-when-cross-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-secure-default", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-upgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-downgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "*", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-origin", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin-when-cross-origin", "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin", "referrer_policy": "strict-origin", "title": "Referrer Policy is set to 'strict-origin'", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}], "name": "strict-origin", "description": "Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin", "referrer_policy": "strict-origin-when-cross-origin", "title": "Referrer Policy is set to 'strict-origin-when-cross-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-insecure", "target_protocol": "http", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-secure", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-secure", "target_protocol": "https", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-secure", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}], "name": "strict-origin-when-cross-origin", "description": "Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url", "referrer_policy": "unsafe-url", "title": "Referrer Policy is set to 'unsafe-url'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "*", "subresource": "*"}], "name": "unsafe-url", "description": "Check that all sub-resources get the stripped referrer URL."}], "referrer_policy_schema": [null, "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "origin-when-cross-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"], "excluded_tests": [{"origin": "cross-origin", "name": "cross-origin-workers", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "worker-request"}, {"origin": "*", "name": "upgraded-protocol-workers", "target_protocol": "https", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "http", "subresource": "worker-request"}, {"origin": "*", "name": "mixed-content-insecure-subresources", "target_protocol": "http", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "elements-not-supporting-attr-referrer", "target_protocol": "*", "expansion": "*", "delivery_method": ["attr-referrer"], "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["xhr-request", "worker-request", "fetch-request"]}, {"origin": "*", "name": "elements-not-supporting-rel-noreferrer", "target_protocol": "*", "expansion": "*", "delivery_method": ["rel-noreferrer"], "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["iframe-tag", "img-tag", "script-tag", "xhr-request", "worker-request", "fetch-request", "area-tag"]}, {"origin": "*", "name": "area-tag", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "area-tag"}, {"origin": "*", "name": "worker-requests-with-swap-origin-redirect", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "swap-origin-redirect", "referrer_url": "*", "source_protocol": "*", "subresource": ["worker-request"]}, {"origin": "*", "name": "overhead-for-redirection", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": ["keep-origin-redirect", "swap-origin-redirect"], "referrer_url": "*", "source_protocol": "*", "subresource": ["a-tag", "area-tag"]}, {"origin": "*", "name": "source-https-unsupported-by-web-platform-tests-runners", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}]};
+var SPEC_JSON = {"subresource_path": {"img-tag": "/referrer-policy/generic/subresource/image.py", "fetch-request": "/referrer-policy/generic/subresource/xhr.py", "module-worker": "/referrer-policy/generic/subresource/worker.py", "a-tag": "/referrer-policy/generic/subresource/document.py", "area-tag": "/referrer-policy/generic/subresource/document.py", "iframe-tag": "/referrer-policy/generic/subresource/document.py", "xhr-request": "/referrer-policy/generic/subresource/xhr.py", "worker-request": "/referrer-policy/generic/subresource/worker.py", "script-tag": "/referrer-policy/generic/subresource/script.py"}, "test_expansion_schema": {"origin": ["same-origin", "cross-origin"], "subresource": ["iframe-tag", "img-tag", "script-tag", "a-tag", "area-tag", "xhr-request", "worker-request", "module-worker", "fetch-request"], "target_protocol": ["http", "https"], "expansion": ["default", "override"], "delivery_method": ["http-rp", "meta-referrer", "attr-referrer", "rel-noreferrer"], "redirection": ["no-redirect", "keep-origin-redirect", "swap-origin-redirect"], "referrer_url": ["omitted", "origin", "stripped-referrer"], "source_protocol": ["http", "https"]}, "specification": [{"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policies", "referrer_policy": null, "title": "Referrer Policy is not explicitly defined", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}], "name": "unset-referrer-policy", "description": "Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer", "referrer_policy": "no-referrer", "title": "Referrer Policy is set to 'no-referrer'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}], "name": "no-referrer", "description": "Check that sub-resource never gets the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-no-referrer-when-downgrade", "referrer_policy": "no-referrer-when-downgrade", "title": "Referrer Policy is set to 'no-referrer-when-downgrade'", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}], "name": "no-referrer-when-downgrade", "description": "Check that non a priori insecure subresource gets the full Referrer URL. A priori insecure subresource gets no referrer information."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin", "referrer_policy": "origin", "title": "Referrer Policy is set to 'origin'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin", "description": "Check that all subresources in all casses get only the origin portion of the referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin", "referrer_policy": "same-origin", "title": "Referrer Policy is set to 'same-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-secure-default", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "*", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-origin", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "*", "subresource": "*"}], "name": "same-origin", "description": "Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-origin-when-cross-origin", "referrer_policy": "origin-when-cross-origin", "title": "Referrer Policy is set to 'origin-when-cross-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-secure-default", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-upgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-downgrade", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-origin-insecure", "target_protocol": "*", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-origin", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "*", "subresource": "*"}], "name": "origin-when-cross-origin", "description": "Check that cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin", "referrer_policy": "strict-origin", "title": "Referrer Policy is set to 'strict-origin'", "test_expansion": [{"origin": "*", "name": "insecure-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "secure-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}], "name": "strict-origin", "description": "Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin", "referrer_policy": "strict-origin-when-cross-origin", "title": "Referrer Policy is set to 'strict-origin-when-cross-origin'", "test_expansion": [{"origin": "same-origin", "name": "same-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "http", "subresource": "*"}, {"origin": "same-origin", "name": "same-insecure", "target_protocol": "http", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-insecure", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "upgrade-protocol", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "http", "subresource": "*"}, {"origin": "*", "name": "downgrade-protocol", "target_protocol": "http", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "omitted", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-secure", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "https", "subresource": "*"}, {"origin": "same-origin", "name": "same-secure", "target_protocol": "https", "expansion": "override", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "swap-origin-redirect", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}, {"origin": "cross-origin", "name": "cross-secure", "target_protocol": "https", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "origin", "source_protocol": "https", "subresource": "*"}], "name": "strict-origin-when-cross-origin", "description": "Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL."}, {"specification_url": "https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url", "referrer_policy": "unsafe-url", "title": "Referrer Policy is set to 'unsafe-url'", "test_expansion": [{"origin": "*", "name": "generic", "target_protocol": "*", "expansion": "default", "delivery_method": ["http-rp", "meta-referrer", "attr-referrer"], "redirection": "*", "referrer_url": "stripped-referrer", "source_protocol": "*", "subresource": "*"}], "name": "unsafe-url", "description": "Check that all sub-resources get the stripped referrer URL."}], "referrer_policy_schema": [null, "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin", "origin-when-cross-origin", "strict-origin", "strict-origin-when-cross-origin", "unsafe-url"], "excluded_tests": [{"origin": "cross-origin", "name": "cross-origin-workers", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["worker-request", "module-worker"]}, {"origin": "*", "name": "upgraded-protocol-workers", "target_protocol": "https", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "http", "subresource": ["worker-request", "module-worker"]}, {"origin": "*", "name": "mixed-content-insecure-subresources", "target_protocol": "http", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}, {"origin": "*", "name": "elements-not-supporting-attr-referrer", "target_protocol": "*", "expansion": "*", "delivery_method": ["attr-referrer"], "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["xhr-request", "worker-request", "module-worker", "fetch-request"]}, {"origin": "*", "name": "elements-not-supporting-rel-noreferrer", "target_protocol": "*", "expansion": "*", "delivery_method": ["rel-noreferrer"], "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": ["iframe-tag", "img-tag", "script-tag", "xhr-request", "worker-request", "module-worker", "fetch-request", "area-tag"]}, {"origin": "*", "name": "area-tag", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "*", "subresource": "area-tag"}, {"origin": "*", "name": "worker-requests-with-swap-origin-redirect", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "swap-origin-redirect", "referrer_url": "*", "source_protocol": "*", "subresource": ["worker-request", "module-worker"]}, {"origin": "*", "name": "overhead-for-redirection", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": ["keep-origin-redirect", "swap-origin-redirect"], "referrer_url": "*", "source_protocol": "*", "subresource": ["a-tag", "area-tag"]}, {"origin": "*", "name": "source-https-unsupported-by-web-platform-tests-runners", "target_protocol": "*", "expansion": "*", "delivery_method": "*", "redirection": "*", "referrer_url": "*", "source_protocol": "https", "subresource": "*"}]};
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+    <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "strict-origin-when-cross-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/same-insecure.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+    <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "strict-origin-when-cross-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/http-rp/same-origin/http-http/module-worker/no-redirect/same-insecure.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin-when-cross-origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/same-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+    <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="strict-origin-when-cross-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "strict-origin-when-cross-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin-when-cross-origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/same-insecure.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'strict-origin-when-cross-origin'</title>
+    <meta name="description" content="Check that a priori insecure subresource gets no referrer information. Otherwise, cross-origin subresources get the origin portion of the referrer URL and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="strict-origin-when-cross-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin-when-cross-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "strict-origin-when-cross-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+    <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+    <meta name="assert" content="The referrer URL is origin when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "strict-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "origin"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+    <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+    <meta name="assert" content="The referrer URL is origin when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "strict-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "origin"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: strict-origin
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+    <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+    <meta name="referrer" content="strict-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+    <meta name="assert" content="The referrer URL is origin when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "strict-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "origin"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/strict-origin/meta-referrer/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'strict-origin'</title>
+    <meta name="description" content="Check that non a priori insecure subresource gets only the origin portion of the referrer URL. A priori insecure subresource gets no referrer information.">
+    <meta name="referrer" content="strict-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-strict-origin">
+    <meta name="assert" content="The referrer URL is origin when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "strict-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "origin"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/module-worker/no-redirect/generic.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/module-worker/no-redirect/generic.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+    <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": null,
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/http-rp/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+    <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": null,
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/module-worker/keep-origin-redirect/insecure-protocol.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+    <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": null,
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unset-referrer-policy/meta-referrer/same-origin/http-http/module-worker/no-redirect/insecure-protocol.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is not explicitly defined</title>
+    <meta name="description" content="Check that referrer URL follows no-referrer-when-downgrade policy when no explicit Referrer Policy is set.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policies">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via module-worker using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": null,
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "module-worker",
+          "subresource_path": "/referrer-policy/generic/subresource/worker.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>