Cross-Origin Requests vs. strict-origin-when-cross-origin: What You Need to