- From: Nottingham, Mark <mnotting@akamai.com>
- Date: Tue, 16 Jun 2015 02:41:07 +0000
- To: Franziskus Kiefer <fkiefer@mozilla.com>
- CC: public-webappsec <public-webappsec@w3.org>

Hi,

> On 15 Jun 2015, at 1:26 pm, Franziskus Kiefer <fkiefer@mozilla.com> wrote:
>
> 2) A different problem regarding referrer policies is with respect to request caching. It essentially boils down to the following question: Are requests that are identical except for their referrer policy supposed to be reused or not?
> Consider the following scenario:
> Assume we have multiple identical images on a website with different referrer policies. Being strict, the image would have to be loaded multiple times in order to honour the referrer policies. However, this creates unnecessary traffic and does not increase privacy, as the full referrer is probably sent out for one of the requests anyway. Querying the image only once, on the other hand, might lead to displaying a wrong image in case the response depends on the referrer.

If the response depends on the referer, all responses for that resource should carry a Vary header that says so.

http://httpwg.github.io/specs/rfc7231.html#header.vary
http://httpwg.github.io/specs/rfc7234.html#caching.negotiated.responses

Cheers,

--
Mark Nottingham mnot@akamai.com https://www.mnot.net/

Received on Tuesday, 16 June 2015 02:41:39 UTC
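
The reuse rule the reply points to (RFC 7234, section 4.1), sketched as an added example that is not part of the original message: a stored response is reused only if every request header named in its Vary field matches the new request. The function names, URLs and header values are constructed for illustration, header names are assumed to be lower-cased, and freshness checks are left out.

```javascript
// Added example: Vary-based reuse decision (RFC 7234 section 4.1), simplified.
// URLs and header values below are constructed sample data.

// Header fields nominated by a stored response's Vary header, lower-cased.
function varyFields(responseHeaders) {
  const vary = responseHeaders["vary"] || "";
  return vary.split(",").map((f) => f.trim().toLowerCase()).filter(Boolean);
}

// Normalise a request header value; an absent header is a distinct value.
function norm(headers, name) {
  const v = headers[name];
  return v === undefined ? null : v.trim().replace(/\s+/g, " ");
}

// True if a stored response may be reused for newRequest.
function canReuse(stored, newRequest) {
  if (stored.url !== newRequest.url) return false;
  const fields = varyFields(stored.responseHeaders);
  if (fields.includes("*")) return false; // "Vary: *" never matches
  return fields.every(
    (f) => norm(stored.requestHeaders, f) === norm(newRequest.headers, f)
  );
}

// Count the network fetches needed to serve a sequence of requests.
function fetchesNeeded(requests, responseHeaders) {
  const cache = [];
  let fetches = 0;
  for (const req of requests) {
    if (cache.some((entry) => canReuse(entry, req))) continue;
    fetches += 1;
    cache.push({ url: req.url, requestHeaders: req.headers, responseHeaders });
  }
  return fetches;
}

// The same image embedded three times under different referrer policies.
const img = "https://img.example/logo.png";
const requests = [
  { url: img, headers: { referer: "https://site.example/page?id=1" } }, // full URL
  { url: img, headers: { referer: "https://site.example/" } }, // origin only
  { url: img, headers: {} }, // no referrer
];

console.log(fetchesNeeded(requests, {})); // 1: no Vary, one fetch serves all
console.log(fetchesNeeded(requests, { vary: "Referer" })); // 3: one per Referer value
```

Without `Vary: Referer` the cache is entitled to serve all three image loads from a single fetch, so a server whose response changes with the referrer has to say so itself.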