W3C home > Mailing lists > Public > public-html@w3.org > April 2007

rel=noreferrer

From: Robert Accettura <robert@accettura.com>
Date: Sun, 08 Apr 2007 00:14:54 -0400
Message-ID: <46186C3E.7070605@accettura.com>
To: public-html@w3.org
This is a very small request.

Currently browsers send a HTTP Referer[1] (er Referrer) when you click
on a link to another page.  While this is often very useful, there are
situations where this is less than desirable.  For example this exposes
the url of an intranet, an has even exposed the session ID's of webmail
clients among other url sensitive situations.  The typical workaround is
a "redirect page".  Event his doesn't shield against all situations.
Take for example those with their own domain name.  If you visit a link
in an email read through webmail.yourdomain.com your technically giving
a webmaster who cares a good idea who you are.  The current best fix for
this is to copy/paste the url into your browser.

My proposal is simply to spec a rel="noreferral" <a
href="http://robert.accettura.com" rel="noreferral">Link</a> so that a
website can decide if it's url should be revealed to the linked website.

Yes, this is a small thing.  Though I think it's necessary to allow for
better control of who gets what information.  There are times where
referrals aren't really appropriate.

[1] http://www.w3.org/TR/html401/types.html#type-links

-- 
Robert Accettura
robert@accettura.com





Received on Sunday, 8 April 2007 04:15:28 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 9 May 2012 00:15:52 GMT