Re: Sending Referer [#144]

On Mon, Jun 1, 2009 at 11:40 AM, Adam Barth <> wrote:
> With regards to the 'null' value, we should try to pick a value that's
> friendly to regular expressions (i.e., avoids . / [ and similar
> characters) because many web application firewalls (who would use this
> value) express their rules in terms of regular expressions.

One possible value we could use is


There is an I-D kicking around somewhere that defines the about
scheme.  The author might be amenable to allowing about:blank to be
used here (e.g., as a "placeholder" URI when no other URI is

Another possibility is to use something like


and define about:noreferrer to return a resource that describes what
the value means in the Referer header (e.g., the relevant requirements
from HTTPbis).


Received on Monday, 1 June 2009 19:04:06 UTC