- From: David Woolley <forums@david-woolley.me.uk>
- Date: Fri, 26 Jun 2009 08:34:13 +0100
- To: www-style@w3.org
Robert O'Callahan wrote: > > My understanding is that because of that problem, many firewalls are > configured to strip ALL Referer headers. So all users behind such a > firewall would be denied all fonts on servers that do Referer checking. If I remember correctly, Referer is specified as only providing statistical information. As such, a valid site should not depend on it. However it is true that some people have tried to use it for access control purposes, including anti-deep linking. The reason that people suppress it is the statistical use. I think some just block any query strings, as recovering Google keywords is the most common statistical use of Referer which people consider an invasion of privacy. I would suggest that, whilst blocking internal URLs may be the reason why businesses might want Referer's to be suppressed, the origins of the facility are from click trailing and keyword recovery being seen as invasions of personal privacy. -- David Woolley Emails are not formal business letters, whatever businesses may want. RFC1855 says there should be an address here, but, in a world of spam, that is no longer good advice, as archive address hiding may not work.
Received on Friday, 26 June 2009 07:34:52 UTC