diff --git a/docs/index.bs b/docs/index.bs
index 11561fa2..2e63c955 100644
--- a/docs/index.bs
+++ b/docs/index.bs
@@ -145,6 +145,7 @@ spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/
         text: get a reader; url: concept-get-reader
         text: header; url: concept-header
         text: http fetch; url: concept-http-fetch
+        text: HTTPS state value; url: concept-https-state-value
         text: internal response; url: concept-internal-response
         text: locked; url: concept-body-locked
         text: navigation request
@@ -187,6 +188,7 @@ spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/
             text: cache state
             text: CORS-exposed header-name list
             text: header list
+            text: https state
             text: response
             text: status
             text: termination reason
@@ -222,6 +224,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
             text: https state; for: environment settings object
             text: module script
             text: realm execution context
+            text: referrer policy; for: environment settings object; url: concept-settings-object-referrer-policy
             text: relevant Realm; url: concept-relevant-realm
             text: relevant global object; url: concept-relevant-global
             text: report the error
@@ -243,6 +246,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
             text: web worker; url: workers
             for: workerglobalscope; urlPrefix: #concept-workerglobalscope-
                 text: https state
+                text: referrer policy
                 text: type
                 text: url
     type: event
@@ -333,7 +337,7 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-containing-service-worker-registration">containing service worker registration</dfn> (a <a href="#dfn-service-worker-registration">service worker registration</a>), which contains itself.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-service-worker-id">id</dfn> (an opaque string), which uniquely identifies itself during the lifetime of its <a href="#dfn-containing-service-worker-registration">containing service worker registration</a>.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> is dispatched a set of <dfn id="dfn-lifecycle-events">lifecycle events</dfn>, <a href="#service-worker-global-scope-install-event">install</a> and <a href="#service-worker-global-scope-activate-event">activate</a>, and <dfn id="dfn-functional-events">functional events</dfn> including <a href="#service-worker-global-scope-fetch-event">fetch</a>.</p>
-    <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-script-resource">script resource</dfn> (a <a>script</a>), which represents its own script resource. It is initially set to null. A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-has-ever-been-evaluated-flag">has ever been evaluated flag</dfn>. It is initially unset. A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-https-state">HTTPS state</dfn> which is "<code>none</code>", "<code>deprecated</code>", or "<code>modern</code>". Unless stated otherwise, it is "<code>none</code>".</p>
+    <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-script-resource">script resource</dfn> (a <a>script</a>), which represents its own script resource. It is initially set to null. A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-has-ever-been-evaluated-flag">has ever been evaluated flag</dfn>. It is initially unset. A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-https-state">HTTPS state</dfn> (an <a>HTTPS state value</a>). It is initially "<code>none</code>". A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-referrer-policy">referrer policy</dfn> (a <a href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy">referrer policy</a>). It is initially the empty string.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-script-resource-map">script resource map</dfn> which is a <a>List</a> of the <a>Record</a> {\[[key]], \[[value]]} where \[[key]] is a <a for="url">URL</a> and \[[value]] is a <a for="response">response</a>.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-skip-waiting-flag">skip waiting flag</dfn>. Unless stated otherwise it is unset.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-imported-scripts-updated-flag">imported scripts updated flag</dfn>. It is initially unset.</p>
@@ -3241,6 +3245,8 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
           <li>Invoke <a href="#finish-job-algorithm">Finish Job</a> with <var>job</var> and abort these steps.</li>
         </ol>
       </li>
+      <li>Let <var>httpsState</var> be "<code>none</code>".</li>
+      <li>Let <var>referrerPolicy</var> be the empty string.</li>
       <li>Switching on <var>job</var>'s <a>worker type</a>, run these substeps with the following options:
         <dl>
         <dt><em>"<code>classic</code>"</em></dt>
@@ -3270,6 +3276,8 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
           <li>Let <var>serviceWorkerAllowed</var> be the result of <a for="header">parsing</a> `<code>Service-Worker-Allowed</code>` in <var>response</var>'s <a for="response">header list</a>.
             <p class="note">See the definition of the Service-Worker-Allowed header in Appendix B: Extended HTTP headers.</p>
           </li>
+          <li>Set <var>httpsState</var> to <var>response</var>'s <a for="response">HTTPS state</a>.</li>
+          <li>Set <var>referrerPolicy</var> to the result of <a href="https://w3c.github.io/webappsec-referrer-policy/#parse-referrer-policy-from-header">parsing the `<code>Referrer-Policy</code>` header</a> of <var>response</var>.</li>
           <li>If <var>serviceWorkerAllowed</var> is failure, then:
             <ol>
               <li>Asynchronously complete these steps with a <a>network error</a>.</li>
@@ -3325,6 +3333,8 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
           <li>Let <var>worker</var> be a new <a href="#dfn-service-worker">service worker</a>.</li>
           <li>Generate a unique opaque string and set <var>worker</var>'s <a href="#dfn-service-worker-id">id</a> to the value.</li>
           <li>Set <var>worker</var>'s <a href="#dfn-script-url">script url</a> to <var>job</var>'s <a href="#dfn-job-script-url">script url</a>, <var>worker</var>'s <a href="#dfn-script-resource">script resource</a> to <var>script</var>, and <var>worker</var>'s <a href="#dfn-type">type</a> to <var>job</var>'s <a>worker type</a>.</li>
+          <li>Set <var>worker</var>'s <a href="#dfn-script-resource">script resource</a>'s <a href="#dfn-https-state">HTTPS state</a> to <var>httpsState</var>.</li>
+          <li>Set <var>worker</var>'s <a href="#dfn-script-resource">script resource</a>'s <a href="#dfn-referrer-policy">referrer policy</a> to <var>referrerPolicy</var>.</li>
           <li>Invoke <a href="#run-service-worker-algorithm">Run Service Worker</a> algorithm with <var>worker</var> as the argument.</li>
           <li>If an uncaught runtime script error occurs during the above step, then:
             <ol>
@@ -3517,9 +3527,8 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
           <dd>Return <var>workerGlobalScope</var>.</dd>
           <dt>The <a>responsible event loop</a></dt>
           <dd>Return <var>workerEventLoop</var>.</dd>
-          <dt>The <a>referrer source</a></dt>
-          <dd>Return <var>serviceWorker</var>'s <a href="#dfn-script-url">script url</a>.</dd>
-          <p class="issue">Remove this definition after sorting out the referencing sites.</p>
+          <dt>The <a for="environment settings object">referrer policy</a></dt>
+          <dd>Return <var>workerGlobalScope</var>'s <a for="workerglobalscope">referrer policy</a>.</dd>
           <dt>The <a>API URL character encoding</a></dt>
           <dd>Return UTF-8.</dd>
           <dt>The <a>API base URL</a></dt>
@@ -3534,6 +3543,7 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
       </li>
       <li>Set <var>workerGlobalScope</var>'s <a for="workerglobalscope">url</a> to <var>serviceWorker</var>'s <a href="#dfn-script-url">script url</a>.</li>
       <li>Set <var>workerGlobalScope</var>'s <a for="workerglobalscope">HTTPS state</a> to <var>serviceWorker</var>'s <a>script resource</a>'s <a href="#dfn-https-state">HTTPS state</a>.</li>
+      <li>Set <var>workerGlobalScope</var>'s <a for="workerglobalscope">referrer policy</a> to <var>serviceWorker</var>'s <a>script resource</a>'s <a href="#dfn-referrer-policy">referrer policy</a>.</li>
       <li>Set <var>workerGlobalScope</var>'s <a for="workerglobalscope">type</a> to <var>serviceWorker</var>'s <a href="#dfn-type">type</a>.</li>
       <li>Create a new {{WorkerLocation}} object and associate it with <var>workerGlobalScope</var>.</li>
       <li>If <var>serviceWorker</var> is an <a href="#dfn-active-worker">active worker</a>, and there are any <a>tasks</a> queued in <var>serviceWorker</var>'s <a href="#dfn-containing-service-worker-registration">containing service worker registration</a>'s <a href="#dfn-service-worker-registration-task-queue">task queues</a>, <a lt="queue a task">queue</a> them to <var>serviceWorker</var>'s <a>event loop</a>'s <a for="event loop">task queues</a> in the same order using their original <a>task sources</a>.</li>
diff --git a/docs/index.html b/docs/index.html
index f894254f..688d3d5a 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1754,7 +1754,7 @@ <h3 class="heading settled" data-level="2.1" id="service-worker-concept"><span c
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-19">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-containing-service-worker-registration">containing service worker registration</dfn> (a <a href="#dfn-service-worker-registration" id="ref-for-dfn-service-worker-registration-1">service worker registration</a>), which contains itself.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-20">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-service-worker-id">id</dfn> (an opaque string), which uniquely identifies itself during the lifetime of its <a href="#dfn-containing-service-worker-registration" id="ref-for-dfn-containing-service-worker-registration-1">containing service worker registration</a>.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-21">service worker</a> is dispatched a set of <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-lifecycle-events">lifecycle events</dfn>, <a href="#service-worker-global-scope-install-event" id="ref-for-service-worker-global-scope-install-event-1">install</a> and <a href="#service-worker-global-scope-activate-event" id="ref-for-service-worker-global-scope-activate-event-1">activate</a>, and <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-functional-events">functional events</dfn> including <a href="#service-worker-global-scope-fetch-event" id="ref-for-service-worker-global-scope-fetch-event-1">fetch</a>.</p>
-     <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-22">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-script-resource">script resource</dfn> (a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-script">script</a>), which represents its own script resource. It is initially set to null. A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-1">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-has-ever-been-evaluated-flag">has ever been evaluated flag</dfn>. It is initially unset. A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-2">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-https-state">HTTPS state</dfn> which is "<code>none</code>", "<code>deprecated</code>", or "<code>modern</code>". Unless stated otherwise, it is "<code>none</code>".</p>
+     <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-22">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-script-resource">script resource</dfn> (a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-script">script</a>), which represents its own script resource. It is initially set to null. A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-1">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-has-ever-been-evaluated-flag">has ever been evaluated flag</dfn>. It is initially unset. A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-2">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-https-state">HTTPS state</dfn> (an <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-https-state-value">HTTPS state value</a>). It is initially "<code>none</code>". A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-3">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-referrer-policy">referrer policy</dfn> (a <a href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy">referrer policy</a>). It is initially the empty string.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-23">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-script-resource-map">script resource map</dfn> which is a <a data-link-type="dfn" href="http://www.ecma-international.org/ecma-262/6.0/#sec-list-and-record-specification-type">List</a> of the <a data-link-type="dfn" href="http://www.ecma-international.org/ecma-262/6.0/#sec-list-and-record-specification-type">Record</a> {[[key]], [[value]]} where [[key]] is a <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url">URL</a> and [[value]] is a <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-response-response">response</a>.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-24">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-skip-waiting-flag">skip waiting flag</dfn>. Unless stated otherwise it is unset.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-25">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-imported-scripts-updated-flag">imported scripts updated flag</dfn>. It is initially unset.</p>
@@ -3855,8 +3855,8 @@ <h3 class="heading settled" data-level="7.1" id="secure-context"><span class="se
      <h3 class="heading settled" data-level="7.2" id="content-security-policy"><span class="secno">7.2. </span><span class="content">Content Security Policy</span><a class="self-link" href="#content-security-policy"></a></h3>
      <p>Whenever a user agent invokes <a href="#run-service-worker-algorithm">Run Service Worker</a> algorithm with a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-86">service worker</a> <var>serviceWorker</var>: </p>
      <ul>
-      <li>If <var>serviceWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-3">script resource</a> was delivered with a <code>Content-Security-Policy</code> HTTP header containing the value <var>policy</var>, the user agent <em class="rfc2119" title="MUST">must</em> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/2/#enforce">enforce</a> <var>policy</var> for <var>serviceWorker</var>.
-      <li>If <var>serviceWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-4">script resource</a> was delivered with a <code>Content-Security-Policy-Report-Only</code> HTTP header containing the value <var>policy</var>, the user agent <em class="rfc2119" title="MUST">must</em> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/2/#monitor">monitor</a> <var>policy</var> for <var>serviceWorker</var>.
+      <li>If <var>serviceWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-4">script resource</a> was delivered with a <code>Content-Security-Policy</code> HTTP header containing the value <var>policy</var>, the user agent <em class="rfc2119" title="MUST">must</em> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/2/#enforce">enforce</a> <var>policy</var> for <var>serviceWorker</var>.
+      <li>If <var>serviceWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-5">script resource</a> was delivered with a <code>Content-Security-Policy-Report-Only</code> HTTP header containing the value <var>policy</var>, the user agent <em class="rfc2119" title="MUST">must</em> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/2/#monitor">monitor</a> <var>policy</var> for <var>serviceWorker</var>.
      </ul>
      <p></p>
      <p>The primary reason for this restriction is to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS).</p>
@@ -4196,6 +4196,8 @@ <h3 class="heading settled" id="update-algorithm"><span class="content">Update</
          <li>Invoke <a href="#reject-job-promise-algorithm">Reject Job Promise</a> with <var>job</var> and a <code>TypeError</code>.
          <li>Invoke <a href="#finish-job-algorithm">Finish Job</a> with <var>job</var> and abort these steps.
         </ol>
+       <li>Let <var>httpsState</var> be "<code>none</code>".
+       <li>Let <var>referrerPolicy</var> be the empty string.
        <li>
         Switching on <var>job</var>’s <a data-link-type="dfn" href="#dfn-job-worker-type" id="ref-for-dfn-job-worker-type-4">worker type</a>, run these substeps with the following options: 
         <dl>
@@ -4228,6 +4230,8 @@ <h3 class="heading settled" id="update-algorithm"><span class="content">Update</
          <li>
           Let <var>serviceWorkerAllowed</var> be the result of <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header-parse">parsing</a> `<code>Service-Worker-Allowed</code>` in <var>response</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-response-header-list">header list</a>. 
           <p class="note" role="note">See the definition of the Service-Worker-Allowed header in Appendix B: Extended HTTP headers.</p>
+         <li>Set <var>httpsState</var> to <var>response</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-response-https-state">HTTPS state</a>.
+         <li>Set <var>referrerPolicy</var> to the result of <a href="https://w3c.github.io/webappsec-referrer-policy/#parse-referrer-policy-from-header">parsing the `<code>Referrer-Policy</code>` header</a> of <var>response</var>.
          <li>
           If <var>serviceWorkerAllowed</var> is failure, then: 
           <ol>
@@ -4270,7 +4274,7 @@ <h3 class="heading settled" id="update-algorithm"><span class="content">Update</
         <p></p>
         <p>Else, continue the rest of these steps after the algorithm’s asynchronous completion, with <var>script</var> being the asynchronous completion value.</p>
        <li>
-        If <var>newestWorker</var> is not null, <var>newestWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-5">script url</a> <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-equals">equals</a> <var>job</var>’s <a href="#dfn-job-script-url" id="ref-for-dfn-job-script-url-11">script url</a> with the <em>exclude fragments flag</em> set, and <var>script</var> is a byte-for-byte match with <var>newestWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-5">script resource</a>, then: 
+        If <var>newestWorker</var> is not null, <var>newestWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-5">script url</a> <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-equals">equals</a> <var>job</var>’s <a href="#dfn-job-script-url" id="ref-for-dfn-job-script-url-11">script url</a> with the <em>exclude fragments flag</em> set, and <var>script</var> is a byte-for-byte match with <var>newestWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-6">script resource</a>, then: 
         <ol>
          <li>Invoke <a href="#resolve-job-promise-algorithm">Resolve Job Promise</a> with <var>job</var> and the <code class="idl"><a data-link-type="idl" href="#service-worker-registration-interface" id="ref-for-service-worker-registration-interface-18">ServiceWorkerRegistration</a></code> object which represents <var>registration</var>.
          <li>Invoke <a href="#finish-job-algorithm">Finish Job</a> with <var>job</var> and abort these steps.
@@ -4280,7 +4284,9 @@ <h3 class="heading settled" id="update-algorithm"><span class="content">Update</
         <ol>
          <li>Let <var>worker</var> be a new <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-100">service worker</a>.
          <li>Generate a unique opaque string and set <var>worker</var>’s <a href="#dfn-service-worker-id" id="ref-for-dfn-service-worker-id-1">id</a> to the value.
-         <li>Set <var>worker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-6">script url</a> to <var>job</var>’s <a href="#dfn-job-script-url" id="ref-for-dfn-job-script-url-12">script url</a>, <var>worker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-6">script resource</a> to <var>script</var>, and <var>worker</var>’s <a href="#dfn-type" id="ref-for-dfn-type-2">type</a> to <var>job</var>’s <a data-link-type="dfn" href="#dfn-job-worker-type" id="ref-for-dfn-job-worker-type-5">worker type</a>.
+         <li>Set <var>worker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-6">script url</a> to <var>job</var>’s <a href="#dfn-job-script-url" id="ref-for-dfn-job-script-url-12">script url</a>, <var>worker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-7">script resource</a> to <var>script</var>, and <var>worker</var>’s <a href="#dfn-type" id="ref-for-dfn-type-2">type</a> to <var>job</var>’s <a data-link-type="dfn" href="#dfn-job-worker-type" id="ref-for-dfn-job-worker-type-5">worker type</a>.
+         <li>Set <var>worker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-8">script resource</a>’s <a href="#dfn-https-state" id="ref-for-dfn-https-state-1">HTTPS state</a> to <var>httpsState</var>.
+         <li>Set <var>worker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-9">script resource</a>’s <a href="#dfn-referrer-policy" id="ref-for-dfn-referrer-policy-1">referrer policy</a> to <var>referrerPolicy</var>.
          <li>Invoke <a href="#run-service-worker-algorithm">Run Service Worker</a> algorithm with <var>worker</var> as the argument.
          <li>
           If an uncaught runtime script error occurs during the above step, then: 
@@ -4442,7 +4448,7 @@ <h3 class="heading settled" id="run-service-worker-algorithm"><span class="conte
        <dd>None
       </dl>
       <ol>
-       <li>Let <var>script</var> be <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-7">script resource</a>.
+       <li>Let <var>script</var> be <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-10">script resource</a>.
        <li>Assert: <var>script</var> is not null.
        <li>If <var>serviceWorker</var> is already running, abort these steps.
        <li>Create a separate parallel execution environment (i.e. a separate thread or process or equivalent construct), and run the rest of these steps in that context.
@@ -4463,13 +4469,12 @@ <h3 class="heading settled" id="run-service-worker-algorithm"><span class="conte
          <dd>Return <var>workerGlobalScope</var>.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#responsible-event-loop">responsible event loop</a>
          <dd>Return <var>workerEventLoop</var>.
-         <dt>The <a data-link-type="dfn">referrer source</a>
-         <dd>Return <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-8">script url</a>.
-         <p class="issue" id="issue-b739bfcf"><a class="self-link" href="#issue-b739bfcf"></a>Remove this definition after sorting out the referencing sites.</p>
+         <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-referrer-policy">referrer policy</a>
+         <dd>Return <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-referrer-policy">referrer policy</a>.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#api-url-character-encoding">API URL character encoding</a>
          <dd>Return UTF-8.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#api-base-url">API base URL</a>
-         <dd>Return <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-9">script url</a>.
+         <dd>Return <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-8">script url</a>.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#origin-2">origin</a>
          <dd>Return its registering <a href="#dfn-service-worker-client" id="ref-for-dfn-service-worker-client-41">service worker client</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#origin-2">origin</a>.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#creation-url">creation URL</a>
@@ -4477,8 +4482,9 @@ <h3 class="heading settled" id="run-service-worker-algorithm"><span class="conte
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#https-state">HTTPS state</a>
          <dd>Return <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-https-state">HTTPS state</a>.
         </dl>
-       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-url">url</a> to <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-10">script url</a>.
-       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-https-state">HTTPS state</a> to <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-8">script resource</a>’s <a href="#dfn-https-state" id="ref-for-dfn-https-state-1">HTTPS state</a>.
+       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-url">url</a> to <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-9">script url</a>.
+       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-https-state">HTTPS state</a> to <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-11">script resource</a>’s <a href="#dfn-https-state" id="ref-for-dfn-https-state-2">HTTPS state</a>.
+       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-referrer-policy">referrer policy</a> to <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-12">script resource</a>’s <a href="#dfn-referrer-policy" id="ref-for-dfn-referrer-policy-2">referrer policy</a>.
        <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-type">type</a> to <var>serviceWorker</var>’s <a href="#dfn-type" id="ref-for-dfn-type-4">type</a>.
        <li>Create a new <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#workerlocation">WorkerLocation</a></code> object and associate it with <var>workerGlobalScope</var>.
        <li>If <var>serviceWorker</var> is an <a href="#dfn-active-worker" id="ref-for-dfn-active-worker-29">active worker</a>, and there are any <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-task">tasks</a> queued in <var>serviceWorker</var>’s <a href="#dfn-containing-service-worker-registration" id="ref-for-dfn-containing-service-worker-registration-13">containing service worker registration</a>’s <a href="#dfn-service-worker-registration-task-queue" id="ref-for-dfn-service-worker-registration-task-queue-3">task queues</a>, <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#queue-a-task">queue</a> them to <var>serviceWorker</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#event-loop">event loop</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#task-queue">task queues</a> in the same order using their original <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#task-source">task sources</a>.
@@ -5243,17 +5249,17 @@ <h3 class="heading settled" id="batch-cache-operations-algorithm"><span class="c
      <h2 class="heading settled" id="extended-http-headers"><span class="content">Appendix B: Extended HTTP headers</span><a class="self-link" href="#extended-http-headers"></a></h2>
      <section>
       <h3 class="heading settled" id="service-worker-script-request"><span class="content">Service Worker Script Request</span><a class="self-link" href="#service-worker-script-request"></a></h3>
-      <p>An HTTP request to <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-fetch">fetch</a> a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-120">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-9">script resource</a> will include the following <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header">header</a>:</p>
+      <p>An HTTP request to <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-fetch">fetch</a> a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-120">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-13">script resource</a> will include the following <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header">header</a>:</p>
       <dl>
        <dt>`<dfn data-dfn-type="dfn" data-noexport="" id="service-worker"><code>Service-Worker</code><a class="self-link" href="#service-worker"></a></dfn>`
        <dd>
-        Indicates this request is a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-121">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-10">script resource</a> request. 
+        Indicates this request is a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-121">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-14">script resource</a> request. 
         <p class="note" role="note">This header helps administrators log the requests and detect threats.</p>
       </dl>
      </section>
      <section>
       <h3 class="heading settled" id="service-worker-script-response"><span class="content">Service Worker Script Response</span><a class="self-link" href="#service-worker-script-response"></a></h3>
-      <p>An HTTP response to a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-122">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-11">script resource</a> request can include the following <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header">header</a>:</p>
+      <p>An HTTP response to a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-122">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-15">script resource</a> request can include the following <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header">header</a>:</p>
       <dl>
        <dt>`<dfn data-dfn-type="dfn" data-noexport="" id="service-worker-allowed"><code>Service-Worker-Allowed</code><a class="self-link" href="#service-worker-allowed"></a></dfn>`
        <dd>
@@ -5299,7 +5305,7 @@ <h3 class="heading settled" id="service-worker-script-response"><span class="con
      </section>
      <section>
       <h3 class="heading settled" id="syntax"><span class="content">Syntax</span><a class="self-link" href="#syntax"></a></h3>
-      <p><a data-link-type="biblio" href="#biblio-rfc5234">ABNF</a> for the values of the headers used by the <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-123">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-12">script resource</a> requests and responses:</p>
+      <p><a data-link-type="biblio" href="#biblio-rfc5234">ABNF</a> for the values of the headers used by the <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-123">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-16">script resource</a> requests and responses:</p>
 <pre>Service-Worker = %x73.63.72.69.70.74 ; "script", case-sensitive
 </pre>
       <p class="note" role="note">The validation of the Service-Worker-Allowed header’s values is done by URL parsing algorithm (in Update algorithm) instead of using ABNF.</p>
@@ -5598,6 +5604,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <li><a href="#dom-serviceworkerstate-redundant">"redundant"</a><span>, in §3.1</span>
    <li><a href="#dom-serviceworkerstate-redundant">redundant</a><span>, in §3.1</span>
    <li><a href="#job-referrer">referrer</a><span>, in §Unnumbered section</span>
+   <li><a href="#dfn-referrer-policy">referrer policy</a><span>, in §2.1</span>
    <li><a href="#dom-installevent-registerforeignfetch">registerForeignFetch(options)</a><span>, in §4.5.1</span>
    <li><a href="#dfn-registration-script-url">registering script url</a><span>, in §2.2</span>
    <li><a href="#service-worker-container-register-method">register(scriptURL)</a><span>, in §3.4.3</span>
@@ -5833,6 +5840,8 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><a href="https://fetch.spec.whatwg.org/#concept-response-header-list">header list</a>
      <li><a href="https://fetch.spec.whatwg.org/#dom-request-headers">headers</a>
      <li><a href="https://fetch.spec.whatwg.org/#concept-http-fetch">http fetch</a>
+     <li><a href="https://fetch.spec.whatwg.org/#concept-response-https-state">https state</a>
+     <li><a href="https://fetch.spec.whatwg.org/#concept-https-state-value">https state value</a>
      <li><a href="https://fetch.spec.whatwg.org/#concept-request-initiator">initiator</a>
      <li><a href="https://fetch.spec.whatwg.org/#concept-internal-response">internal response</a>
      <li><a href="https://fetch.spec.whatwg.org/#concept-body-locked">locked</a>
@@ -5930,6 +5939,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#fetching-scripts-perform-fetch">perform the fetch</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#queue-a-task">queue a task</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#realm-execution-context">realm execution context</a>
+     <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-referrer-policy">referrer policy</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global">relevant global object</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-realm">relevant realm</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#relevant-settings-object">relevant settings object</a>
@@ -6342,7 +6352,6 @@ <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">I
   <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content">Issues Index</span><a class="self-link" href="#issues-index"></a></h2>
   <div style="counter-reset:issue">
    <div class="issue">The response’s cache state concept had been removed from fetch. The fetch issue <a href="https://github.com/whatwg/fetch/issues/376">#376</a> tracks the request to restore the concept or add some similar way to check this state.<a href="#issue-3c7457a0"> ↵ </a></div>
-   <div class="issue">Remove this definition after sorting out the referencing sites.<a href="#issue-b739bfcf"> ↵ </a></div>
   </div>
   <aside class="dfn-panel" data-for="dfn-service-worker">
    <b><a href="#dfn-service-worker">#dfn-service-worker</a></b><b>Referenced in:</b>
@@ -6419,7 +6428,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     <li><a href="#ref-for-dfn-script-url-3">Register</a>
     <li><a href="#ref-for-dfn-script-url-4">Update</a> <a href="#ref-for-dfn-script-url-5">(2)</a> <a href="#ref-for-dfn-script-url-6">(3)</a>
     <li><a href="#ref-for-dfn-script-url-7">Soft Update</a>
-    <li><a href="#ref-for-dfn-script-url-8">Run Service Worker</a> <a href="#ref-for-dfn-script-url-9">(2)</a> <a href="#ref-for-dfn-script-url-10">(3)</a>
+    <li><a href="#ref-for-dfn-script-url-8">Run Service Worker</a> <a href="#ref-for-dfn-script-url-9">(2)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dfn-type">
@@ -6478,13 +6487,13 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
   <aside class="dfn-panel" data-for="dfn-script-resource">
    <b><a href="#dfn-script-resource">#dfn-script-resource</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dfn-script-resource-1">2.1. Service Worker</a> <a href="#ref-for-dfn-script-resource-2">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-3">7.2. Content Security Policy</a> <a href="#ref-for-dfn-script-resource-4">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-5">Update</a> <a href="#ref-for-dfn-script-resource-6">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-7">Run Service Worker</a> <a href="#ref-for-dfn-script-resource-8">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-9">Service Worker Script Request</a> <a href="#ref-for-dfn-script-resource-10">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-11">Service Worker Script Response</a>
-    <li><a href="#ref-for-dfn-script-resource-12">Syntax</a>
+    <li><a href="#ref-for-dfn-script-resource-1">2.1. Service Worker</a> <a href="#ref-for-dfn-script-resource-2">(2)</a> <a href="#ref-for-dfn-script-resource-3">(3)</a>
+    <li><a href="#ref-for-dfn-script-resource-4">7.2. Content Security Policy</a> <a href="#ref-for-dfn-script-resource-5">(2)</a>
+    <li><a href="#ref-for-dfn-script-resource-6">Update</a> <a href="#ref-for-dfn-script-resource-7">(2)</a> <a href="#ref-for-dfn-script-resource-8">(3)</a> <a href="#ref-for-dfn-script-resource-9">(4)</a>
+    <li><a href="#ref-for-dfn-script-resource-10">Run Service Worker</a> <a href="#ref-for-dfn-script-resource-11">(2)</a> <a href="#ref-for-dfn-script-resource-12">(3)</a>
+    <li><a href="#ref-for-dfn-script-resource-13">Service Worker Script Request</a> <a href="#ref-for-dfn-script-resource-14">(2)</a>
+    <li><a href="#ref-for-dfn-script-resource-15">Service Worker Script Response</a>
+    <li><a href="#ref-for-dfn-script-resource-16">Syntax</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dfn-has-ever-been-evaluated-flag">
@@ -6496,7 +6505,15 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
   <aside class="dfn-panel" data-for="dfn-https-state">
    <b><a href="#dfn-https-state">#dfn-https-state</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dfn-https-state-1">Run Service Worker</a>
+    <li><a href="#ref-for-dfn-https-state-1">Update</a>
+    <li><a href="#ref-for-dfn-https-state-2">Run Service Worker</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="dfn-referrer-policy">
+   <b><a href="#dfn-referrer-policy">#dfn-referrer-policy</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dfn-referrer-policy-1">Update</a>
+    <li><a href="#ref-for-dfn-referrer-policy-2">Run Service Worker</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dfn-script-resource-map">
diff --git a/docs/v1/index.bs b/docs/v1/index.bs
index dfd36439..aea30c55 100644
--- a/docs/v1/index.bs
+++ b/docs/v1/index.bs
@@ -142,6 +142,7 @@ spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/
         text: get a reader; url: concept-get-reader
         text: header; url: concept-header
         text: http fetch; url: concept-http-fetch
+        text: HTTPS state value; url: concept-https-state-value
         text: internal response; url: concept-internal-response
         text: locked; url: concept-body-locked
         text: navigation request
@@ -180,6 +181,7 @@ spec: fetch; urlPrefix: https://fetch.spec.whatwg.org/
             text: body
             text: cache state
             text: header list
+            text: https state
             text: response
             text: status
             text: termination reason
@@ -213,6 +215,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
             text: https state; for: environment settings object
             text: module script
             text: realm execution context
+            text: referrer policy; for: environment settings object; url: concept-settings-object-referrer-policy
             text: relevant Realm; url: concept-relevant-realm
             text: relevant global object; url: concept-relevant-global
             text: report the error
@@ -233,6 +236,7 @@ spec: html; urlPrefix: https://html.spec.whatwg.org/multipage/
             text: web worker; url: workers
             for: workerglobalscope; urlPrefix: #concept-workerglobalscope-
                 text: https state
+                text: referrer policy
                 text: type
                 text: url
     type: event
@@ -317,7 +321,7 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-containing-service-worker-registration">containing service worker registration</dfn> (a <a href="#dfn-service-worker-registration">service worker registration</a>), which contains itself.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-service-worker-id">id</dfn> (an opaque string), which uniquely identifies itself during the lifetime of its <a href="#dfn-containing-service-worker-registration">containing service worker registration</a>.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> is dispatched a set of <dfn id="dfn-lifecycle-events">lifecycle events</dfn>, <a href="#service-worker-global-scope-install-event">install</a> and <a href="#service-worker-global-scope-activate-event">activate</a>, and <dfn id="dfn-functional-events">functional events</dfn> including <a href="#service-worker-global-scope-fetch-event">fetch</a>.</p>
-    <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-script-resource">script resource</dfn> (a <a>script</a>), which represents its own script resource. It is initially set to null. A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-has-ever-been-evaluated-flag">has ever been evaluated flag</dfn>. It is initially unset. A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-https-state">HTTPS state</dfn> which is "<code>none</code>", "<code>deprecated</code>", or "<code>modern</code>". Unless stated otherwise, it is "<code>none</code>".</p>
+    <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-script-resource">script resource</dfn> (a <a>script</a>), which represents its own script resource. It is initially set to null. A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-has-ever-been-evaluated-flag">has ever been evaluated flag</dfn>. It is initially unset. A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-https-state">HTTPS state</dfn> (an <a>HTTPS state value</a>). It is initially "<code>none</code>". A <a href="#dfn-script-resource">script resource</a> has an associated <dfn id="dfn-referrer-policy">referrer policy</dfn> (a <a href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy">referrer policy</a>). It is initially the empty string.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-script-resource-map">script resource map</dfn> which is a <a>List</a> of the <a>Record</a> {\[[key]], \[[value]]} where \[[key]] is a <a for="url">URL</a> and \[[value]] is a <a for="response">response</a>.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-skip-waiting-flag">skip waiting flag</dfn>. Unless stated otherwise it is unset.</p>
     <p>A <a href="#dfn-service-worker">service worker</a> has an associated <dfn id="dfn-imported-scripts-updated-flag">imported scripts updated flag</dfn>. It is initially unset.</p>
@@ -2906,6 +2910,8 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
           <li>Invoke <a href="#finish-job-algorithm">Finish Job</a> with <var>job</var> and abort these steps.</li>
         </ol>
       </li>
+      <li>Let <var>httpsState</var> be "<code>none</code>".</li>
+      <li>Let <var>referrerPolicy</var> be the empty string.</li>
       <li>Switching on <var>job</var>'s <a>worker type</a>, run these substeps with the following options:
         <dl>
         <dt><em>"<code>classic</code>"</em></dt>
@@ -2935,6 +2941,8 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
           <li>Let <var>serviceWorkerAllowed</var> be the result of <a for="header">parsing</a> `<code>Service-Worker-Allowed</code>` in <var>response</var>'s <a for="response">header list</a>.
             <p class="note">See the definition of the Service-Worker-Allowed header in Appendix B: Extended HTTP headers.</p>
           </li>
+          <li>Set <var>httpsState</var> to <var>response</var>'s <a for="response">HTTPS state</a>.</li>
+          <li>Set <var>referrerPolicy</var> to the result of <a href="https://w3c.github.io/webappsec-referrer-policy/#parse-referrer-policy-from-header">parsing the `<code>Referrer-Policy</code>` header</a> of <var>response</var>.</li>
           <li>If <var>serviceWorkerAllowed</var> is failure, then:
             <ol>
               <li>Asynchronously complete these steps with a <a>network error</a>.</li>
@@ -2990,6 +2998,8 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
           <li>Let <var>worker</var> be a new <a href="#dfn-service-worker">service worker</a>.</li>
           <li>Generate a unique opaque string and set <var>worker</var>'s <a href="#dfn-service-worker-id">id</a> to the value.</li>
           <li>Set <var>worker</var>'s <a href="#dfn-script-url">script url</a> to <var>job</var>'s <a href="#dfn-job-script-url">script url</a>, <var>worker</var>'s <a href="#dfn-script-resource">script resource</a> to <var>script</var>, and <var>worker</var>'s <a href="#dfn-type">type</a> to <var>job</var>'s <a>worker type</a>.</li>
+          <li>Set <var>worker</var>'s <a href="#dfn-script-resource">script resource</a>'s <a href="#dfn-https-state">HTTPS state</a> to <var>httpsState</var>.</li>
+          <li>Set <var>worker</var>'s <a href="#dfn-script-resource">script resource</a>'s <a href="#dfn-referrer-policy">referrer policy</a> to <var>referrerPolicy</var>.</li>
           <li>Invoke <a href="#run-service-worker-algorithm">Run Service Worker</a> algorithm with <var>worker</var> as the argument.</li>
           <li>If an uncaught runtime script error occurs during the above step, then:
             <ol>
@@ -3182,9 +3192,8 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
           <dd>Return <var>workerGlobalScope</var>.</dd>
           <dt>The <a>responsible event loop</a></dt>
           <dd>Return <var>workerEventLoop</var>.</dd>
-          <dt>The <a>referrer source</a></dt>
-          <dd>Return <var>serviceWorker</var>'s <a href="#dfn-script-url">script url</a>.</dd>
-          <p class="issue">Remove this definition after sorting out the referencing sites.</p>
+          <dt>The <a for="environment settings object">referrer policy</a></dt>
+          <dd>Return <var>workerGlobalScope</var>'s <a for="workerglobalscope">referrer policy</a>.</dd>
           <dt>The <a>API URL character encoding</a></dt>
           <dd>Return UTF-8.</dd>
           <dt>The <a>API base URL</a></dt>
@@ -3199,6 +3208,7 @@ spec: webidl; urlPrefix: https://heycam.github.io/webidl/
       </li>
       <li>Set <var>workerGlobalScope</var>'s <a for="workerglobalscope">url</a> to <var>serviceWorker</var>'s <a href="#dfn-script-url">script url</a>.</li>
       <li>Set <var>workerGlobalScope</var>'s <a for="workerglobalscope">HTTPS state</a> to <var>serviceWorker</var>'s <a>script resource</a>'s <a href="#dfn-https-state">HTTPS state</a>.</li>
+      <li>Set <var>workerGlobalScope</var>'s <a for="workerglobalscope">referrer policy</a> to <var>serviceWorker</var>'s <a>script resource</a>'s <a href="#dfn-referrer-policy">referrer policy</a>.</li>
       <li>Set <var>workerGlobalScope</var>'s <a for="workerglobalscope">type</a> to <var>serviceWorker</var>'s <a href="#dfn-type">type</a>.</li>
       <li>Create a new {{WorkerLocation}} object and associate it with <var>workerGlobalScope</var>.</li>
       <li>If <var>serviceWorker</var> is an <a href="#dfn-active-worker">active worker</a>, and there are any <a>tasks</a> queued in <var>serviceWorker</var>'s <a href="#dfn-containing-service-worker-registration">containing service worker registration</a>'s <a href="#dfn-service-worker-registration-task-queue">task queues</a>, <a lt="queue a task">queue</a> them to <var>serviceWorker</var>'s <a>event loop</a>'s <a for="event loop">task queues</a> in the same order using their original <a>task sources</a>.</li>
diff --git a/docs/v1/index.html b/docs/v1/index.html
index 89b8bfa7..7261c1af 100644
--- a/docs/v1/index.html
+++ b/docs/v1/index.html
@@ -1732,7 +1732,7 @@ <h3 class="heading settled" data-level="2.1" id="service-worker-concept"><span c
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-19">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-containing-service-worker-registration">containing service worker registration</dfn> (a <a href="#dfn-service-worker-registration" id="ref-for-dfn-service-worker-registration-1">service worker registration</a>), which contains itself.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-20">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-service-worker-id">id</dfn> (an opaque string), which uniquely identifies itself during the lifetime of its <a href="#dfn-containing-service-worker-registration" id="ref-for-dfn-containing-service-worker-registration-1">containing service worker registration</a>.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-21">service worker</a> is dispatched a set of <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-lifecycle-events">lifecycle events</dfn>, <a href="#service-worker-global-scope-install-event" id="ref-for-service-worker-global-scope-install-event-1">install</a> and <a href="#service-worker-global-scope-activate-event" id="ref-for-service-worker-global-scope-activate-event-1">activate</a>, and <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-functional-events">functional events</dfn> including <a href="#service-worker-global-scope-fetch-event" id="ref-for-service-worker-global-scope-fetch-event-1">fetch</a>.</p>
-     <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-22">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-script-resource">script resource</dfn> (a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-script">script</a>), which represents its own script resource. It is initially set to null. A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-1">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-has-ever-been-evaluated-flag">has ever been evaluated flag</dfn>. It is initially unset. A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-2">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-https-state">HTTPS state</dfn> which is "<code>none</code>", "<code>deprecated</code>", or "<code>modern</code>". Unless stated otherwise, it is "<code>none</code>".</p>
+     <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-22">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-script-resource">script resource</dfn> (a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-script">script</a>), which represents its own script resource. It is initially set to null. A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-1">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-has-ever-been-evaluated-flag">has ever been evaluated flag</dfn>. It is initially unset. A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-2">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-https-state">HTTPS state</dfn> (an <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-https-state-value">HTTPS state value</a>). It is initially "<code>none</code>". A <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-3">script resource</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-referrer-policy">referrer policy</dfn> (a <a href="https://w3c.github.io/webappsec-referrer-policy/#referrer-policy">referrer policy</a>). It is initially the empty string.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-23">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-script-resource-map">script resource map</dfn> which is a <a data-link-type="dfn" href="http://www.ecma-international.org/ecma-262/6.0/#sec-list-and-record-specification-type">List</a> of the <a data-link-type="dfn" href="http://www.ecma-international.org/ecma-262/6.0/#sec-list-and-record-specification-type">Record</a> {[[key]], [[value]]} where [[key]] is a <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url">URL</a> and [[value]] is a <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-response-response">response</a>.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-24">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-skip-waiting-flag">skip waiting flag</dfn>. Unless stated otherwise it is unset.</p>
      <p>A <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-25">service worker</a> has an associated <dfn class="dfn-paneled" data-dfn-for="service worker" data-dfn-type="dfn" data-export="" id="dfn-imported-scripts-updated-flag">imported scripts updated flag</dfn>. It is initially unset.</p>
@@ -3585,8 +3585,8 @@ <h3 class="heading settled" data-level="6.1" id="secure-context"><span class="se
      <h3 class="heading settled" data-level="6.2" id="content-security-policy"><span class="secno">6.2. </span><span class="content">Content Security Policy</span><a class="self-link" href="#content-security-policy"></a></h3>
      <p>Whenever a user agent invokes <a href="#run-service-worker-algorithm">Run Service Worker</a> algorithm with a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-80">service worker</a> <var>serviceWorker</var>: </p>
      <ul>
-      <li>If <var>serviceWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-3">script resource</a> was delivered with a <code>Content-Security-Policy</code> HTTP header containing the value <var>policy</var>, the user agent <em class="rfc2119" title="MUST">must</em> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/2/#enforce">enforce</a> <var>policy</var> for <var>serviceWorker</var>.
-      <li>If <var>serviceWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-4">script resource</a> was delivered with a <code>Content-Security-Policy-Report-Only</code> HTTP header containing the value <var>policy</var>, the user agent <em class="rfc2119" title="MUST">must</em> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/2/#monitor">monitor</a> <var>policy</var> for <var>serviceWorker</var>.
+      <li>If <var>serviceWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-4">script resource</a> was delivered with a <code>Content-Security-Policy</code> HTTP header containing the value <var>policy</var>, the user agent <em class="rfc2119" title="MUST">must</em> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/2/#enforce">enforce</a> <var>policy</var> for <var>serviceWorker</var>.
+      <li>If <var>serviceWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-5">script resource</a> was delivered with a <code>Content-Security-Policy-Report-Only</code> HTTP header containing the value <var>policy</var>, the user agent <em class="rfc2119" title="MUST">must</em> <a data-link-type="dfn" href="https://w3c.github.io/webappsec-csp/2/#monitor">monitor</a> <var>policy</var> for <var>serviceWorker</var>.
      </ul>
      <p></p>
      <p>The primary reason for this restriction is to mitigate a broad class of content injection vulnerabilities, such as cross-site scripting (XSS).</p>
@@ -3895,6 +3895,8 @@ <h3 class="heading settled" id="update-algorithm"><span class="content">Update</
          <li>Invoke <a href="#reject-job-promise-algorithm">Reject Job Promise</a> with <var>job</var> and a <code>TypeError</code>.
          <li>Invoke <a href="#finish-job-algorithm">Finish Job</a> with <var>job</var> and abort these steps.
         </ol>
+       <li>Let <var>httpsState</var> be "<code>none</code>".
+       <li>Let <var>referrerPolicy</var> be the empty string.
        <li>
         Switching on <var>job</var>’s <a data-link-type="dfn" href="#dfn-job-worker-type" id="ref-for-dfn-job-worker-type-2">worker type</a>, run these substeps with the following options: 
         <dl>
@@ -3927,6 +3929,8 @@ <h3 class="heading settled" id="update-algorithm"><span class="content">Update</
          <li>
           Let <var>serviceWorkerAllowed</var> be the result of <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header-parse">parsing</a> `<code>Service-Worker-Allowed</code>` in <var>response</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-response-header-list">header list</a>. 
           <p class="note" role="note">See the definition of the Service-Worker-Allowed header in Appendix B: Extended HTTP headers.</p>
+         <li>Set <var>httpsState</var> to <var>response</var>’s <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-response-https-state">HTTPS state</a>.
+         <li>Set <var>referrerPolicy</var> to the result of <a href="https://w3c.github.io/webappsec-referrer-policy/#parse-referrer-policy-from-header">parsing the `<code>Referrer-Policy</code>` header</a> of <var>response</var>.
          <li>
           If <var>serviceWorkerAllowed</var> is failure, then: 
           <ol>
@@ -3969,7 +3973,7 @@ <h3 class="heading settled" id="update-algorithm"><span class="content">Update</
         <p></p>
         <p>Else, continue the rest of these steps after the algorithm’s asynchronous completion, with <var>script</var> being the asynchronous completion value.</p>
        <li>
-        If <var>newestWorker</var> is not null, <var>newestWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-5">script url</a> <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-equals">equals</a> <var>job</var>’s <a href="#dfn-job-script-url" id="ref-for-dfn-job-script-url-11">script url</a> with the <em>exclude fragments flag</em> set, and <var>script</var> is a byte-for-byte match with <var>newestWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-5">script resource</a>, then: 
+        If <var>newestWorker</var> is not null, <var>newestWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-5">script url</a> <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-equals">equals</a> <var>job</var>’s <a href="#dfn-job-script-url" id="ref-for-dfn-job-script-url-11">script url</a> with the <em>exclude fragments flag</em> set, and <var>script</var> is a byte-for-byte match with <var>newestWorker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-6">script resource</a>, then: 
         <ol>
          <li>Invoke <a href="#resolve-job-promise-algorithm">Resolve Job Promise</a> with <var>job</var> and the <code class="idl"><a data-link-type="idl" href="#service-worker-registration-interface" id="ref-for-service-worker-registration-interface-18">ServiceWorkerRegistration</a></code> object which represents <var>registration</var>.
          <li>Invoke <a href="#finish-job-algorithm">Finish Job</a> with <var>job</var> and abort these steps.
@@ -3979,7 +3983,9 @@ <h3 class="heading settled" id="update-algorithm"><span class="content">Update</
         <ol>
          <li>Let <var>worker</var> be a new <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-94">service worker</a>.
          <li>Generate a unique opaque string and set <var>worker</var>’s <a href="#dfn-service-worker-id" id="ref-for-dfn-service-worker-id-1">id</a> to the value.
-         <li>Set <var>worker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-6">script url</a> to <var>job</var>’s <a href="#dfn-job-script-url" id="ref-for-dfn-job-script-url-12">script url</a>, <var>worker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-6">script resource</a> to <var>script</var>, and <var>worker</var>’s <a href="#dfn-type" id="ref-for-dfn-type-2">type</a> to <var>job</var>’s <a data-link-type="dfn" href="#dfn-job-worker-type" id="ref-for-dfn-job-worker-type-3">worker type</a>.
+         <li>Set <var>worker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-6">script url</a> to <var>job</var>’s <a href="#dfn-job-script-url" id="ref-for-dfn-job-script-url-12">script url</a>, <var>worker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-7">script resource</a> to <var>script</var>, and <var>worker</var>’s <a href="#dfn-type" id="ref-for-dfn-type-2">type</a> to <var>job</var>’s <a data-link-type="dfn" href="#dfn-job-worker-type" id="ref-for-dfn-job-worker-type-3">worker type</a>.
+         <li>Set <var>worker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-8">script resource</a>’s <a href="#dfn-https-state" id="ref-for-dfn-https-state-1">HTTPS state</a> to <var>httpsState</var>.
+         <li>Set <var>worker</var>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-9">script resource</a>’s <a href="#dfn-referrer-policy" id="ref-for-dfn-referrer-policy-1">referrer policy</a> to <var>referrerPolicy</var>.
          <li>Invoke <a href="#run-service-worker-algorithm">Run Service Worker</a> algorithm with <var>worker</var> as the argument.
          <li>
           If an uncaught runtime script error occurs during the above step, then: 
@@ -4141,7 +4147,7 @@ <h3 class="heading settled" id="run-service-worker-algorithm"><span class="conte
        <dd>None
       </dl>
       <ol>
-       <li>Let <var>script</var> be <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-7">script resource</a>.
+       <li>Let <var>script</var> be <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-10">script resource</a>.
        <li>Assert: <var>script</var> is not null.
        <li>If <var>serviceWorker</var> is already running, abort these steps.
        <li>Create a separate parallel execution environment (i.e. a separate thread or process or equivalent construct), and run the rest of these steps in that context.
@@ -4162,13 +4168,12 @@ <h3 class="heading settled" id="run-service-worker-algorithm"><span class="conte
          <dd>Return <var>workerGlobalScope</var>.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#responsible-event-loop">responsible event loop</a>
          <dd>Return <var>workerEventLoop</var>.
-         <dt>The <a data-link-type="dfn">referrer source</a>
-         <dd>Return <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-8">script url</a>.
-         <p class="issue" id="issue-b739bfcf"><a class="self-link" href="#issue-b739bfcf"></a>Remove this definition after sorting out the referencing sites.</p>
+         <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-referrer-policy">referrer policy</a>
+         <dd>Return <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-referrer-policy">referrer policy</a>.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#api-url-character-encoding">API URL character encoding</a>
          <dd>Return UTF-8.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#api-base-url">API base URL</a>
-         <dd>Return <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-9">script url</a>.
+         <dd>Return <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-8">script url</a>.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#origin-2">origin</a>
          <dd>Return its registering <a href="#dfn-service-worker-client" id="ref-for-dfn-service-worker-client-40">service worker client</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#origin-2">origin</a>.
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#creation-url">creation URL</a>
@@ -4176,8 +4181,9 @@ <h3 class="heading settled" id="run-service-worker-algorithm"><span class="conte
          <dt>The <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#https-state">HTTPS state</a>
          <dd>Return <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-https-state">HTTPS state</a>.
         </dl>
-       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-url">url</a> to <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-10">script url</a>.
-       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-https-state">HTTPS state</a> to <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-8">script resource</a>’s <a href="#dfn-https-state" id="ref-for-dfn-https-state-1">HTTPS state</a>.
+       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-url">url</a> to <var>serviceWorker</var>’s <a href="#dfn-script-url" id="ref-for-dfn-script-url-9">script url</a>.
+       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-https-state">HTTPS state</a> to <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-11">script resource</a>’s <a href="#dfn-https-state" id="ref-for-dfn-https-state-2">HTTPS state</a>.
+       <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-referrer-policy">referrer policy</a> to <var>serviceWorker</var>’s <a data-link-type="dfn" href="#dfn-script-resource" id="ref-for-dfn-script-resource-12">script resource</a>’s <a href="#dfn-referrer-policy" id="ref-for-dfn-referrer-policy-2">referrer policy</a>.
        <li>Set <var>workerGlobalScope</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/workers.html#concept-workerglobalscope-type">type</a> to <var>serviceWorker</var>’s <a href="#dfn-type" id="ref-for-dfn-type-4">type</a>.
        <li>Create a new <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#workerlocation">WorkerLocation</a></code> object and associate it with <var>workerGlobalScope</var>.
        <li>If <var>serviceWorker</var> is an <a href="#dfn-active-worker" id="ref-for-dfn-active-worker-29">active worker</a>, and there are any <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-task">tasks</a> queued in <var>serviceWorker</var>’s <a href="#dfn-containing-service-worker-registration" id="ref-for-dfn-containing-service-worker-registration-12">containing service worker registration</a>’s <a href="#dfn-service-worker-registration-task-queue" id="ref-for-dfn-service-worker-registration-task-queue-3">task queues</a>, <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#queue-a-task">queue</a> them to <var>serviceWorker</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#event-loop">event loop</a>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#task-queue">task queues</a> in the same order using their original <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#task-source">task sources</a>.
@@ -4822,17 +4828,17 @@ <h3 class="heading settled" id="batch-cache-operations-algorithm"><span class="c
      <h2 class="heading settled" id="extended-http-headers"><span class="content">Appendix B: Extended HTTP headers</span><a class="self-link" href="#extended-http-headers"></a></h2>
      <section>
       <h3 class="heading settled" id="service-worker-script-request"><span class="content">Service Worker Script Request</span><a class="self-link" href="#service-worker-script-request"></a></h3>
-      <p>An HTTP request to <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-fetch">fetch</a> a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-112">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-9">script resource</a> will include the following <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header">header</a>:</p>
+      <p>An HTTP request to <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-fetch">fetch</a> a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-112">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-13">script resource</a> will include the following <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header">header</a>:</p>
       <dl>
        <dt>`<dfn data-dfn-type="dfn" data-noexport="" id="service-worker"><code>Service-Worker</code><a class="self-link" href="#service-worker"></a></dfn>`
        <dd>
-        Indicates this request is a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-113">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-10">script resource</a> request. 
+        Indicates this request is a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-113">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-14">script resource</a> request. 
         <p class="note" role="note">This header helps administrators log the requests and detect threats.</p>
       </dl>
      </section>
      <section>
       <h3 class="heading settled" id="service-worker-script-response"><span class="content">Service Worker Script Response</span><a class="self-link" href="#service-worker-script-response"></a></h3>
-      <p>An HTTP response to a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-114">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-11">script resource</a> request can include the following <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header">header</a>:</p>
+      <p>An HTTP response to a <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-114">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-15">script resource</a> request can include the following <a data-link-type="dfn" href="https://fetch.spec.whatwg.org/#concept-header">header</a>:</p>
       <dl>
        <dt>`<dfn data-dfn-type="dfn" data-noexport="" id="service-worker-allowed"><code>Service-Worker-Allowed</code><a class="self-link" href="#service-worker-allowed"></a></dfn>`
        <dd>
@@ -4878,7 +4884,7 @@ <h3 class="heading settled" id="service-worker-script-response"><span class="con
      </section>
      <section>
       <h3 class="heading settled" id="syntax"><span class="content">Syntax</span><a class="self-link" href="#syntax"></a></h3>
-      <p><a data-link-type="biblio" href="#biblio-rfc5234">ABNF</a> for the values of the headers used by the <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-115">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-12">script resource</a> requests and responses:</p>
+      <p><a data-link-type="biblio" href="#biblio-rfc5234">ABNF</a> for the values of the headers used by the <a href="#dfn-service-worker" id="ref-for-dfn-service-worker-115">service worker</a>’s <a href="#dfn-script-resource" id="ref-for-dfn-script-resource-16">script resource</a> requests and responses:</p>
 <pre>Service-Worker = %x73.63.72.69.70.74 ; "script", case-sensitive
 </pre>
       <p class="note" role="note">The validation of the Service-Worker-Allowed header’s values is done by URL parsing algorithm (in Update algorithm) instead of using ABNF.</p>
@@ -5152,6 +5158,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <li><a href="#dfn-ready-promise">ready promise</a><span>, in §3.4</span>
    <li><a href="#dom-serviceworkerstate-redundant">"redundant"</a><span>, in §3.1</span>
    <li><a href="#dom-serviceworkerstate-redundant">redundant</a><span>, in §3.1</span>
+   <li><a href="#dfn-referrer-policy">referrer policy</a><span>, in §2.1</span>
    <li><a href="#dfn-registration-script-url">registering script url</a><span>, in §2.2</span>
    <li><a href="#service-worker-container-register-method">register(scriptURL)</a><span>, in §3.4.3</span>
    <li><a href="#service-worker-container-register-method">register(scriptURL, options)</a><span>, in §3.4.3</span>
@@ -5348,6 +5355,8 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><a href="https://fetch.spec.whatwg.org/#concept-response-header-list">header list</a>
      <li><a href="https://fetch.spec.whatwg.org/#dom-request-headers">headers</a>
      <li><a href="https://fetch.spec.whatwg.org/#concept-http-fetch">http fetch</a>
+     <li><a href="https://fetch.spec.whatwg.org/#concept-response-https-state">https state</a>
+     <li><a href="https://fetch.spec.whatwg.org/#concept-https-state-value">https state value</a>
      <li><a href="https://fetch.spec.whatwg.org/#concept-request-initiator">initiator</a>
      <li><a href="https://fetch.spec.whatwg.org/#concept-body-locked">locked</a>
      <li><a href="https://fetch.spec.whatwg.org/#concept-request-method">method</a>
@@ -5434,6 +5443,7 @@ <h3 class="no-num no-ref heading settled" id="index-defined-elsewhere"><span cla
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#fetching-scripts-perform-fetch">perform the fetch</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#queue-a-task">queue a task</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#realm-execution-context">realm execution context</a>
+     <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-referrer-policy">referrer policy</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-global">relevant global object</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-relevant-realm">relevant realm</a>
      <li><a href="https://html.spec.whatwg.org/multipage/webappapis.html#relevant-settings-object">relevant settings object</a>
@@ -5800,7 +5810,6 @@ <h2 class="no-num no-ref heading settled" id="idl-index"><span class="content">I
   <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content">Issues Index</span><a class="self-link" href="#issues-index"></a></h2>
   <div style="counter-reset:issue">
    <div class="issue">The response’s cache state concept had been removed from fetch. The fetch issue <a href="https://github.com/whatwg/fetch/issues/376">#376</a> tracks the request to restore the concept or add some similar way to check this state.<a href="#issue-3c7457a0"> ↵ </a></div>
-   <div class="issue">Remove this definition after sorting out the referencing sites.<a href="#issue-b739bfcf"> ↵ </a></div>
   </div>
   <aside class="dfn-panel" data-for="dfn-service-worker">
    <b><a href="#dfn-service-worker">#dfn-service-worker</a></b><b>Referenced in:</b>
@@ -5872,7 +5881,7 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     <li><a href="#ref-for-dfn-script-url-3">Register</a>
     <li><a href="#ref-for-dfn-script-url-4">Update</a> <a href="#ref-for-dfn-script-url-5">(2)</a> <a href="#ref-for-dfn-script-url-6">(3)</a>
     <li><a href="#ref-for-dfn-script-url-7">Soft Update</a>
-    <li><a href="#ref-for-dfn-script-url-8">Run Service Worker</a> <a href="#ref-for-dfn-script-url-9">(2)</a> <a href="#ref-for-dfn-script-url-10">(3)</a>
+    <li><a href="#ref-for-dfn-script-url-8">Run Service Worker</a> <a href="#ref-for-dfn-script-url-9">(2)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dfn-type">
@@ -5929,13 +5938,13 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
   <aside class="dfn-panel" data-for="dfn-script-resource">
    <b><a href="#dfn-script-resource">#dfn-script-resource</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dfn-script-resource-1">2.1. Service Worker</a> <a href="#ref-for-dfn-script-resource-2">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-3">6.2. Content Security Policy</a> <a href="#ref-for-dfn-script-resource-4">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-5">Update</a> <a href="#ref-for-dfn-script-resource-6">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-7">Run Service Worker</a> <a href="#ref-for-dfn-script-resource-8">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-9">Service Worker Script Request</a> <a href="#ref-for-dfn-script-resource-10">(2)</a>
-    <li><a href="#ref-for-dfn-script-resource-11">Service Worker Script Response</a>
-    <li><a href="#ref-for-dfn-script-resource-12">Syntax</a>
+    <li><a href="#ref-for-dfn-script-resource-1">2.1. Service Worker</a> <a href="#ref-for-dfn-script-resource-2">(2)</a> <a href="#ref-for-dfn-script-resource-3">(3)</a>
+    <li><a href="#ref-for-dfn-script-resource-4">6.2. Content Security Policy</a> <a href="#ref-for-dfn-script-resource-5">(2)</a>
+    <li><a href="#ref-for-dfn-script-resource-6">Update</a> <a href="#ref-for-dfn-script-resource-7">(2)</a> <a href="#ref-for-dfn-script-resource-8">(3)</a> <a href="#ref-for-dfn-script-resource-9">(4)</a>
+    <li><a href="#ref-for-dfn-script-resource-10">Run Service Worker</a> <a href="#ref-for-dfn-script-resource-11">(2)</a> <a href="#ref-for-dfn-script-resource-12">(3)</a>
+    <li><a href="#ref-for-dfn-script-resource-13">Service Worker Script Request</a> <a href="#ref-for-dfn-script-resource-14">(2)</a>
+    <li><a href="#ref-for-dfn-script-resource-15">Service Worker Script Response</a>
+    <li><a href="#ref-for-dfn-script-resource-16">Syntax</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dfn-has-ever-been-evaluated-flag">
@@ -5947,7 +5956,15 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
   <aside class="dfn-panel" data-for="dfn-https-state">
    <b><a href="#dfn-https-state">#dfn-https-state</a></b><b>Referenced in:</b>
    <ul>
-    <li><a href="#ref-for-dfn-https-state-1">Run Service Worker</a>
+    <li><a href="#ref-for-dfn-https-state-1">Update</a>
+    <li><a href="#ref-for-dfn-https-state-2">Run Service Worker</a>
+   </ul>
+  </aside>
+  <aside class="dfn-panel" data-for="dfn-referrer-policy">
+   <b><a href="#dfn-referrer-policy">#dfn-referrer-policy</a></b><b>Referenced in:</b>
+   <ul>
+    <li><a href="#ref-for-dfn-referrer-policy-1">Update</a>
+    <li><a href="#ref-for-dfn-referrer-policy-2">Run Service Worker</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="dfn-script-resource-map">