Add m-esr52 at 52.6.0

204 files changed, 6000 insertions, 0 deletions

diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..1d4be3c77
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..715150770
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..814b6d9ba
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..3bb871203
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..8a8a459f9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..04ae66bd2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..4947e50aa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..39deeac30
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..334ebae52
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ca1f0a68f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..f813f24a6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..d3272c435
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..22800cf4b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..ceaa0164e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5117c0f4d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d891987d3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..246089208
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..10fc2a00f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..9d504a970
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..5fc928a3c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..01d2abbb8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2b520ff43
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..7a2fb09fc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7612d5ef6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/attr-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the attr-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "attr-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..53ab93a35
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..ae0a512ba
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..1360c04c3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e608f52cb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..e8b105995
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..0755eaf96
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6c873e8f0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..e9d9d2469
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..78b871570
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..a38b20f17
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..a7fd03c43
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..06b2b252f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..49c3ec58e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..163b8c8a0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c28550135
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..608035538
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..046b25859
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..59bf756b8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..eee0a3f8b
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..57f1a9d04
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..fdb7033c4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..7168479ac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..5689889eb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..678d95524
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..73cabcfd9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..fccf29967
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..174c0feac
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..832ceb02e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..4ce779935
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..664cb7e3d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..2ce45af4c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..038a0b2dd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..78b340afe
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..12446ba14
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..70a115d87
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7a083ea6c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..12871fac6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..abd803c44
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..02e9b92a2
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..435281a74
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..dbdf2d6fb
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e1643fd37
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..89acf024f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..9f4319130
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5e492ca91
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..54a2fc322
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..e6775088a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c2bccdf77
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..79cd63640
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..4fc687f97
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3a24da90c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..95154a991
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..501e8ed24
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a49c2a05c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..77d22e913
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..6ab0525a9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..22057804a
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..980c4a9aa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..42c0c4b6f
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.no-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..efb989ee3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <!-- No meta: Referrer policy delivered via HTTP headers. -->
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the http-rp
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "http-rp",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
new file mode 100644
index 000000000..c67e52158
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/http-rp/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html.headers
@@ -0,0 +1,2 @@
+Referrer-Policy: unsafe-url
+Access-Control-Allow-Origin: *
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..15120a2dc
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..dea4a85cf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..c46cbb6a1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e89ee7f89
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..875901b25
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..82858ef62
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..775bf93fa
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..41560ae8c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..03073d50e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..5a1e1ccc6
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..5dab67170
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..50447b968
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e4d2e2c77
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..374f5c0ea
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f02d54bd7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..71778ee0c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..6f34ef157
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ebd930f69
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..18e6eb2b4
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..fc44e3e25
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..5c8822601
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ebf71f175
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..bf6262f26
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..f591cbef0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..ba2d54d62
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..e8b0aa9e8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..a34ce0378
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..6482686b5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..2610bb065
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..740895b80
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/cross-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is cross-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "cross-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..681dab44c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..d72aeb785
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..77c3c68a7
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e5592cd08
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..a87451fbd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..631e1477c
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..0cbf66fed
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..43dc43d04
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..7fe2baacf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..e1db3d1e5
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..404392c8e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..18cd15910
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..34c729544
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..6386f26a9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..e9ffeeba0
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-http/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an http
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "http",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..d3cc95adf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..dbd4183bd
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..6e07cfb09
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/fetch-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via fetch-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "fetch-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..8c54512a9
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..07e669ccf
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..ec2e9c647
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/iframe-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via iframe-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "iframe-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/document.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..da52ddcc8
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..38e401993
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..3ae164bf1
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/img-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via img-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "img-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/image.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..759728b00
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html
new file mode 100644
index 000000000..7b73c8ded
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..379763fc3
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/script-tag/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via script-tag using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "script-tag",
+          "subresource_path": "/referrer-policy/generic/subresource/script.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
new file mode 100644
index 000000000..90417e90e
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.keep-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with keep-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "keep-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html
new file mode 100644
index 000000000..a4e1bee0d
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.no-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with no-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "no-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
new file mode 100644
index 000000000..4780d0d49
--- /dev/null
+++ b/testing/web-platform/tests/referrer-policy/unsafe-url/meta-referrer/same-origin/http-https/xhr-request/generic.swap-origin-redirect.http.html
@@ -0,0 +1,41 @@
+<!DOCTYPE html>
+<!-- DO NOT EDIT! Generated by referrer-policy/generic/tools/generate.py using referrer-policy/generic/template/test.release.html.template. -->
+<html>
+  <head>
+    <title>Referrer-Policy: Referrer Policy is set to 'unsafe-url'</title>
+    <meta name="description" content="Check that all sub-resources get the stripped referrer URL.">
+    <meta name="referrer" content="unsafe-url">
+    <link rel="author" title="Kristijan Burnik" href="burnik@chromium.org">
+    <link rel="help" href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-unsafe-url">
+    <meta name="assert" content="The referrer URL is stripped-referrer when a
+                                 document served over http requires an https
+                                 sub-resource via xhr-request using the meta-referrer
+                                 delivery method with swap-origin-redirect and when
+                                 the target request is same-origin.">
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <!-- TODO(kristijanburnik): Minify and merge both: -->
+    <script src="/referrer-policy/generic/common.js"></script>
+    <script src="/referrer-policy/generic/referrer-policy-test-case.js?pipe=sub"></script>
+  </head>
+  <body>
+    <script>
+      ReferrerPolicyTestCase(
+        {
+          "referrer_policy": "unsafe-url",
+          "delivery_method": "meta-referrer",
+          "redirection": "swap-origin-redirect",
+          "origin": "same-origin",
+          "source_protocol": "http",
+          "target_protocol": "https",
+          "subresource": "xhr-request",
+          "subresource_path": "/referrer-policy/generic/subresource/xhr.py",
+          "referrer_url": "stripped-referrer"
+        },
+        document.querySelector("meta[name=assert]").content,
+        new SanityChecker()
+      ).start();
+      </script>
+    <div id="log"></div>
+  </body>
+</html>