- From: Ross Patterson <Ross_Patterson@ns.reston.vmd.sterling.com>
- Date: Wed, 2 Jul 97 09:05:31 EDT
- To: http-wg@cuckoo.hpl.hp.com

Larry Masinter <masinter@parc.xerox.com> writes:

>Why don't I ask for volunteers to draft a sentence or two on the
>general issue of security/privacy around 'Referer:' and when it
>should and shouldn't be sent. If the advice is "Never, unless blah".

Unless I missed something, I didn't observe a consensus that REFERER should be deprecated. It serves a very useful purpose for many sites, and isn't overly nasty in terms of privacy - it's a one-step click trail. Of course, if all the clicks are within one site, then a path can be developed from the string of REFERERs, but if you've got the log data you can do that anyway. Most log analysis tools attempt to do that already, with or without REFERER data in the log.

Phill Hallam-Baker started this with a vague note that appeared to suggest server-to-client advice on whether or not REFERERs should be generated from the served object. Rather than draft some language deprecating REFERER, let's ask Phill to explain in more detail what he has in mind, and discuss the proposal at that point.

Ross Patterson
Sterling Software, Inc.
VM Software Division

Received on Wednesday, 2 July 1997 06:08:01 UTC