Add m-esr52 at 52.6.0

170 files changed, 5000 insertions, 0 deletions

diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..14e928ea8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..0e549ae0d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ea0d40232
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0acf101b8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7026fe1d1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e8bb9ae85
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..73f992b65
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7fc3541bc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..73ba641f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..172853a4f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..b2104f4cb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c984c4363
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4cb71bcbf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..66abd90fd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7c366c108
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..11683e44b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..617093728
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..594c2984d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f17556c54
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fa91f2cbb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/attr-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..18dba0048
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..9d8b2b2c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2befacac7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..988c99d5c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7588d84e0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3e2b36979
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b26c3efdc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..c7c348f90
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..126e278b4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..f22d6d87b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..90dd8881d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8dd055d71
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..32248c739
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..4e41494b8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..08973c571
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..863791529
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..1e66182f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..289a4a507
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4d44a10b7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..d76ff641a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..37d4e3e46
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2757dabaa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..8a405470c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f5c690b8b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ba1424c06
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..7aebb65a5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8d145be6b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6d334876d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..941dd867f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..41e0570ec
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8f72529b6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..36e5d0a32
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..87cc41497
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..41d8f63f2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..e9082a803
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..731cb6339
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..94a1ceca8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..0e0fc8e5b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..b5f8a4cbd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..bbc8f26a5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..d373139d1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..49468d125
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..c3be3878e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..f4800516d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ce60482bd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5714a7e06
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ca5c1fd4b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..934fb53a6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..755075a17
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..56c1bdb7d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..309da8091
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/http-rp/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: same-origin
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..986434466
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..a70bbb7ff
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..2199fbacc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0038a1a78
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..8555bc6cc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..bd2014b06
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b519ebcfb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..a70f22d69
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..633938985
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..b9eefbc30
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..82fc3b114
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..bbcbe233f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..fd270955f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..4739c5847
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fe6f02837
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-http/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5d0f8168c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..3a4fb95e8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..20c2f4f49
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/fetch-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d3ad1f9c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..5de6a24aa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d39c95d82
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/iframe-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..df9f3a839
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..729839842
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f5e5c5230
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/img-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5e03688c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..346e401ef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..27d89b3c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/script-tag/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
new file mode 100644
index 000000000..045dc0617
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
new file mode 100644
index 000000000..aadf71777
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
new file mode 100644
index 000000000..aada3951f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/cross-origin/http-https/xhr-request/cross-origin.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9bbbfb72f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..6d7a54cdb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8117e29c0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..34859ed87
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..e73908952
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0080977a7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..155bf0109
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..7b3442d29
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fe2b40c58
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..18f3dbc80
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..f296512ef
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..8eaeb5cd8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9ca451221
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
new file mode 100644
index 000000000..a8ec1e6ac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5fdacce40
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-http/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..cac271986
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/fetch-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7023a52be
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/iframe-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a6be79bcd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/img-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..70602133f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/script-tag/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
new file mode 100644
index 000000000..27a95b7ad
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/same-origin/meta-referrer/same-origin/http-https/xhr-request/same-origin-insecure.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'same-origin'</title>
+    <meta name="description" content="Check that cross-origin subresources get no referrer information and same-origin get the stripped referrer URL.">
+    <meta name="referrer" content="same-origin">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin">
+    <meta name="assert" content="The referrer URL is omitted when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "same-origin",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "omitted"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>