Re: New work on fonts at W3C

Robert O'Callahan wrote:

> My understanding is that because of that problem, many firewalls are 
> configured to strip ALL Referer headers. So all users behind such a 
> firewall would be denied all fonts on servers that do Referer checking.

If I remember correctly, Referer is specified as only providing 
statistical information.  As such, a valid site should not depend on it. 
  However it is true that some people have tried to use it for access 
control purposes, including anti-deep linking.

The reason that people suppress it is the statistical use.  I think some 
just block any query strings, as recovering Google keywords is the most 
common statistical use of Referer which people consider an invasion of 
privacy.  I would suggest that, whilst blocking internal URLs may be the 
reason why businesses might want Referer's to be suppressed, the origins 
of the facility are from click trailing and keyword recovery being seen 
as invasions of personal privacy.

David Woolley
Emails are not formal business letters, whatever businesses may want.
RFC1855 says there should be an address here, but, in a world of spam,
that is no longer good advice, as archive address hiding may not work.

Received on Friday, 26 June 2009 07:34:52 UTC