- From: William Perry <wmperry@spry.com>
- Date: Tue, 18 Jul 95 06:47 PDT
- To: Daniel DuBois <ddubois@spyglass.com>
- Cc: www-talk@w3.org
Daniel DuBois writes: > In fact, if we are going to design browsers that allow the user the > *option* of following the business card auth scheme, we might as well > design browsers to allow the user the *option* of sending out the 'From:' > field, and, if a server really wanted to, it could alter its output based > on whether or not a From: field exists. Some browsers do exactly that already. Emacs-w3 and I think one other, can't remember right now, allow you to selectively turn off the sending of various parts of the HTTP/1.0 request, including Referer, From, and certain information about the operating system you are running on in the User-Agent field. The HTTP/1.0 specification actually encourages this behaviour (or used to, haven't read the new spec in about 3 weeks) in its addendum about security and privacy related issues. -Bill P.
Received on Tuesday, 18 July 1995 09:43:44 UTC