- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Thu, 01 Dec 2011 17:44:51 +0100
- To: Karl Dubost <karld@opera.com>
- Cc: "<public-tracking@w3.org> (public-tracking@w3.org)" <public-tracking@w3.org>
* Karl Dubost wrote:
>Would it make sense in an implementation to not send the Referer when DNT:1?

One problem with that is that the header and the corresponding APIs are sometimes used for security purposes (you might require the user to log in again or solve a captcha when you can't confirm they initiated some action on the site). It might be better to strip things like path and query, or send some http://invalid.invalid/ string for cross-site requests.

Some sites also break if you don't send a Referer header; there are some captcha systems for instance that cannot be used if you disable the Referer header. And site owners are generally pretty unhappy if you strip them of this kind of information entirely, so this would make DNT harder to sell.

--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Thursday, 1 December 2011 16:45:31 UTC
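
An added example, not part of the original message: a sketch of the trimming idea discussed above, where a client with DNT:1 keeps the full Referer for same-origin requests and drops path and query for cross-site ones, next to a server-side check showing that the "did the user initiate this on our site" use still works on the trimmed value. The function names `refererFor` and `checkInitiator` and all URLs are hypothetical and constructed for illustration.

```javascript
// Added illustration; names are hypothetical, not from any browser or spec.

// Client side: choose the Referer value for an outgoing request.
function refererFor(documentUrl, targetUrl, dnt) {
  const doc = new URL(documentUrl);
  const target = new URL(targetUrl);
  // Credentials and fragments never belong in a Referer, DNT or not.
  doc.username = "";
  doc.password = "";
  doc.hash = "";
  if (!dnt || doc.origin === target.origin) {
    return doc.href;        // DNT unset, or same-origin: full URL
  }
  return doc.origin + "/";  // cross-site with DNT:1: drop path and query
}

// Server side: the security use of Referer mentioned in the message.
// "confirmed" - request came from a page on this site
// "foreign"   - request came from another origin
// "unknown"   - header missing or unparsable
// On anything but "confirmed" the site can ask for a re-login or captcha
// rather than failing, so clients that trim or omit the header still work.
function checkInitiator(refererHeader, siteOrigin) {
  if (!refererHeader) return "unknown";
  let ref;
  try {
    ref = new URL(refererHeader);
  } catch {
    return "unknown";
  }
  return ref.origin === siteOrigin ? "confirmed" : "foreign";
}

// Constructed sample values.
const page = "https://shop.example/account/orders?id=1234#top";
const sameSite = refererFor(page, "https://shop.example/account/transfer", true);
const crossSite = refererFor(page, "https://ads.example/pixel", true);
console.log(sameSite, checkInitiator(sameSite, "https://shop.example"));
console.log(crossSite, checkInitiator(crossSite, "https://ads.example"));
```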