STRICT_ORIGIN_WHEN_CROSS_ORIGIN

Send the origin, path, and querystring when performing a same-origin request, only send the origin when the
protocol security level stays the same while performing a cross-origin request (HTTPS→HTTPS), and send no header
to any less-secure destinations (HTTPS→HTTP).