Re: confidentiality and the referer field

Hallam-Baker <hallam@ai.mit.edu> writes:

>Incidentally this change would mean that sites would no longe be able to
>control linking to what are being refered to as "internal" pages, forcing
>a user to traverse a site direct from the home page.

Assuming you're not suggesting removing the REFERER header field
altogether, that's not true.  Sites would simply need to decide whether
a request without a REFERER was acceptable or not, and allow or deny
the request accordingly.

Perhaps I misread your suggestion - you DID suggest that an HTTP response
could somehow advise the client not to include REFERERs in requests
generated from links in the response, right?

Ross Patterson
Sterling Software, Inc.
VM Software Division

Received on Thursday, 26 June 1997 13:22:37 UTC