Broadcom is using a strict Fetch Metadata Request Header security policy and does not allow user-originated operations (aka manually typing in URLs into the address bar). It's a safety measure sites can utilize to ensure that no malicious content is sent to their servers via a FETCH command.