e.g. sites using signin.example.org for the actual login flow, and passing referers to www.example.org after login (and erroring when no referer is provided). Don't remember exactly which ones but it happened to me more than once. For this reason I have been running with this set to 1 for years. Same eTLD sites often belong to the same organization so there are other opportunities for tracking anyway, e.g. simply through webserver logs.