[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev HTTP_REFERER missing when posting from CGI

From: Walter Ian Kaye
Subject: Re: lynx-dev HTTP_REFERER missing when posting from CGI
Date: Mon, 31 Dec 2001 12:36:17 -0800

At 11:26a +0000 12/31/2001, David Woolley didst inscribe upon an electronic papyrus:

Suppressing the query string is a policy issue.

But why doesn't the lynx.cfg setting have any effect? I think that is a bug!

From the Lynx point of view, I believe it is simply that it might contain passwords, but, it is also worth noting that if you look at sample output from web log analysis products you will see that people analyze the query strings, when the referer is a search engine, to find the keywords used. This, and the general ability to do click trailing, including cross site click trailing, mean that a significant number of people consider Referer to be an invasion of privacy.

With that attitude, Lynx should summarily reject all third-party cookies.
It doesn't, and neither should it summarily reject the referer query string.

Because of the privacy issues, you should not write sites that depend on Referer. They will not only break for Lynx, but also for people who install proxies that deliberately introduce a bogus Referer.

So I have to write some kind of expiring-token thing then?

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]