strict-origin-when-cross-origin


This should show host/domain only.