Re: DNT:1 and HTTP Referrers

* Karl Dubost wrote:
>Would it make sense in an implementation to not send the Referer when DNT:1?

One problem with that is that the header and the corresponding APIs are
sometimes used for security purposes (you might require the user to log
in again or solve a captcha when you can't confirm they initiated some
action on the site). It might be better to strip things like path and
query, or sending some http://invalid.invalid/ string for cross-site re-
quests. Some sites also break if you don't send a Referer header, there
are some captcha systems for instance that cannot be used if you disable
the Referer header. And site owners are generally pretty unhappy if you
strip them of this kind of information entirely, so this would make DNT
harder to sell.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 

Received on Thursday, 1 December 2011 16:45:31 UTC
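
The trade-off discussed in this message, as an added example that is not part of the original e-mail or of any browser's code: a client-side function that trims the Referer for cross-site requests when DNT:1 is set, next to a server-side initiator check of the kind the message mentions. The function names, the `mode` parameter, treating "site" as "origin", and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration; names and DNT handling are assumptions, not the
// behaviour of any particular browser.
const PLACEHOLDER = "http://invalid.invalid/"; // placeholder string from the message

// Decide which Referer value a client would send.
// mode: "trim" strips path and query cross-site, "placeholder" sends a fixed string.
function refererFor(fromUrl, toUrl, dnt, mode = "trim") {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Fragment and credentials never belong in a Referer.
  from.hash = "";
  from.username = "";
  from.password = "";
  const crossSite = from.origin !== to.origin; // assumption: "site" == origin
  if (!dnt || !crossSite) return from.href;    // same-site: full URL is kept
  return mode === "placeholder" ? PLACEHOLDER : from.origin + "/";
}

// Server-side check: was the action initiated from our own site?
// Returns "ok", or "challenge" (ask for re-login or a captcha).
function checkInitiator(refererHeader, ownOrigin) {
  if (!refererHeader) return "challenge";      // header removed entirely
  let origin;
  try { origin = new URL(refererHeader).origin; } catch { return "challenge"; }
  return origin === ownOrigin ? "ok" : "challenge";
}

// Constructed sample URLs.
const page = "https://shop.example/account/orders?id=1234#top";
const sameSite = "https://shop.example/account/delete";
const other = "https://ads.example/pixel";

console.log(refererFor(page, sameSite, true));             // full URL, no fragment
console.log(refererFor(page, other, true));                // origin only
console.log(refererFor(page, other, true, "placeholder")); // fixed string
console.log(checkInitiator(refererFor(page, sameSite, true), "https://shop.example"));
console.log(checkInitiator(undefined, "https://shop.example"));
```

With this split the same-site check keeps working under DNT:1, while a third party sees only the origin or the placeholder; dropping the header entirely pushes every user into the challenge path.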