W3C home > Mailing lists > Public > public-web-security@w3.org > May 2011

Re: scrub-referrer directive?

From: Aryeh Gregor <Simetrical+w3c@gmail.com>
Date: Sun, 29 May 2011 10:20:09 -0400
Message-ID: <BANLkTinEMmbxqTyjNLZMJEDHqB23W9zmFQ@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Adam Barth <w3c@adambarth.com>, Daniel Veditz <dveditz@mozilla.com>, public-web-security@w3.org, Brandon Sterne <bsterne@mozilla.com>, Sid Stamm <sstamm@mozilla.com>
On Sat, May 28, 2011 at 1:17 AM, Nico Williams <nico@cryptonector.com> wrote:
> On Fri, May 27, 2011 at 11:54 PM, Adam Barth <w3c@adambarth.com> wrote:
>> Yeah, the sites that leak data in the paper seem like the types that
>> would be helped more by on-by-default protection.  I'm too scared of
>> what would happen if we nuked Referer by default though.  :(
>
> Well, just what would happen?

Every analytics tool that provides webmasters with statistics about
what sites send them the most traffic, what search terms people use
when reaching their site, etc. would immediately break.  This would
make webmasters very unhappy.

On the other hand, Trac would stop uselessly, annoyingly, and
non-removably highlighting all the places in the page where search
terms appear, when you come from a search engine.  This would make me
happy, so I guess it's a wash.  ;)

Seriously, removing Referer (or making it origin-only) probably isn't
going to actually break very many sites, since it's already not very
reliable.  But it would sure upset a lot of webmasters, because it
provides a lot of useful info.
Received on Sunday, 29 May 2011 14:20:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 29 May 2011 14:20:56 GMT