- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 11 Nov 2010 13:25:36 +0100
- To: Philip Taylor <pjt47@cam.ac.uk>
- CC: Ian Hickson <ian@hixie.ch>, public-html@w3.org
On 11.11.2010 12:36, Philip Taylor wrote: > ... > A non-trivial percentage of users never send a Referer header (due to > browser configuration or privacy-enhancing firewalls etc), so the usual > approach to prevent hotlinking is to reject any requests with a present > but incorrect Referer, and accept any with a correct or absent Referer. > That avoids hurting Refererless users, but still works to prevent > hotlinking since it breaks the hotlinking page for a vast majority of > users. > > noreferrer will make hotlinked requests indistinguishable from > legitimate requests from users that block Referer. The only way to > prevent hotlinking will then be to block all requests that lack Referer, > which will hurt some legitimate users too. > ... OK, so why is this a problem for <link>, not not for <a>/<area>? Best regards, Julian
Received on Thursday, 11 November 2010 12:26:23 UTC