I'm hardly speaking with any authority here but my hope/expectation is that
using Origin Only for the Referrer Policy would provide enough info in the
referer (the origin) so as to not break search engines flows or other
analytics that are using data from the referer header. The referring domain
Dear Michael Jones, Dick Hardt:
An IPR disclosure that pertains to your RFC entitled The OAuth 2.0
Authorization Framework: Bearer Token Usage (RFC6750) was submitted to the
IETF Secretariat on and has been posted on the IETF Page of Intellectual
Property Rights Disclosures