Fenced Frame Request to renderURL: Inclusion of referer Header Under Different Referer-Policies

Here we test whether the referer is sent in the HTTP request when the renderUrl is rendered using a Fenced Frame.

Conclusion: no referer for you inside Fenced Frames.

Select your Referer Policy

Here you can select the referer policy you would like applied, and then the page will redirect back here with a query param set, which will tell the server to set a Referer-Policy for the given request, which will then take effect for all subsequent requests from that page, including the creative render request.

Make sure you have the attestation over-rides in place.

Note you can change from the TLD being same-domain as the IG/auction by changing the host of this page. I'll automate this but for now use privacy-sandbox-test-one.com for same origin, pst-publisher.com for different.

Note you can open a new frame for each using this handy link.

Below the iframe will render, which hits our "creative endpoint" which simply dumps out the data it sees.

You can see the handler that makes the creative here.
You can see the client side JS here.
Note also if you open dev tools, go to the network tab, and then refresh the page, you'll see the requests and headers included. The initial page load will occur with whatever the last Referer Policy was, you'll see the header come back and take effect on the next request; at that point you can find the "creative?id=..." request and see whether the referer was sent, which should be reflected in the results below.

Live Result

Sorry for the bad UI here, scroll down in the Fenced Frame a bit and you'll see the red text indicating no referer, which you can confirm by scrolling through.