W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1997

Re: confidentiality and the referer field

From: David W. Morris <dwm@xpasc.com>
Date: Thu, 26 Jun 1997 12:39:27 -0700 (PDT)
To: Hallam-Baker <hallam@ai.mit.edu>
Cc: http-wg@cuckoo.hpl.hp.com
Message-Id: <Pine.GSO.3.96.970626123745.9283B-100000@shell1.aimnet.com>


On Thu, 26 Jun 1997, Hallam-Baker wrote:

> A while back I suggested (and mispelt) the referer field. While nobody
> seems to be using it for its intended purpose of making links bidirectional
> there is a concern over it inadvertently causing information leakage.

I think it is being used in some cases to help track broken links.

> Specifically I I have a confidential document P that links to Q I may want
> to instruct browsers not to pass on the referer field. It seems to me that
> this would be an easy enhancement to add to the spec but what the best
> way of transporting this information is I'm not sure.

Well it would fit fairly nicely in the set of browser behaviors controlled
by the UA-Hint header proposed by my draft on that subject.

Dave Morris
Received on Thursday, 26 June 1997 12:41:26 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:32:45 EDT