RE: DNT:1 and HTTP Referrers

I also fear this would have many unintended side effects that would alter the way many websites function.  For instance, I have seen it used frequently for simple internal navigation decisions such as redirects and simple 'back' links.

-----Original Message-----
From: Bjoern Hoehrmann [mailto:derhoermi@gmx.net] 
Sent: Thursday, December 01, 2011 9:45 AM
To: Karl Dubost
Cc: <public-tracking@w3.org> (public-tracking@w3.org)
Subject: Re: DNT:1 and HTTP Referrers

* Karl Dubost wrote:
>Would it make sense in an implementation to not send the Referer when DNT:1?

One problem with that is that the header and the corresponding APIs are sometimes used for security purposes (you might require the user to log in again or solve a captcha when you can't confirm they initiated some action on the site). It might be better to strip things like path and query, or send some http://invalid.invalid/ string for cross-site requests. Some sites also break if you don't send a Referer header; there are some captcha systems for instance that cannot be used if you disable the Referer header. And site owners are generally pretty unhappy if you strip them of this kind of information entirely, so this would make DNT harder to sell.
--
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Am Badedeich 7 · Telefon: +49(0)160/4415681 · http://www.bjoernsworld.de
25899 Dagebüll · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/

Received on Friday, 2 December 2011 15:11:02 UTC
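
The trimming idea discussed in this thread, as an added example that is not part of the original messages: a client-side rule that keeps the full Referer within a site and sends only the origin elsewhere under DNT:1, next to a server-side check that still works on the trimmed value. The function names and sample URLs are hypothetical, and "cross-site" is approximated here as "different origin".

```javascript
// Added example: referrerFor and actionLooksSameOrigin are hypothetical names,
// and every URL used with them is a constructed sample value.

// Value a DNT:1 client could send in Referer: path and query are stripped
// on cross-origin requests instead of dropping the header altogether.
function referrerFor(documentUrl, targetUrl, dnt) {
  const from = new URL(documentUrl);
  const to = new URL(targetUrl);
  // Fragments and embedded credentials never belong in Referer.
  from.hash = '';
  from.username = '';
  from.password = '';
  if (!dnt || from.origin === to.origin) {
    // Same origin (or DNT unset): full URL, so internal redirects and
    // 'back' links that read the header keep working.
    return from.href;
  }
  // Cross-origin with DNT:1: origin only.
  return from.origin + '/';
}

// Server-side check of the kind mentioned in the thread: was this
// state-changing request initiated from our own site? Only origins are
// compared, so a trimmed Referer still passes.
function actionLooksSameOrigin(refererHeader, ownOrigin) {
  if (!refererHeader) {
    return false; // header absent: caller falls back to re-login or a captcha
  }
  try {
    return new URL(refererHeader).origin === ownOrigin;
  } catch {
    return false; // malformed value is handled like a missing one
  }
}
```
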