undefined | Better HN

0 pointsaendruk1y ago0 comments

Surely that must use conventional HTTP referrer data—for which we have well established standards, decades of experience managing interactions and edge cases, and norms for respecting user consent—and not some apparently wishful query parameter?

0 comments

mrngm1y ago

https://httpwg.org/specs/rfc9110.html#field.referer

  A user agent SHOULD NOT send a Referer header field if the referring resource was accessed with a secure protocol and the request target has an origin differing from that of the referring resource, unless the referring resource explicitly allows Referer to be sent. A user agent MUST NOT send a Referer header field in an unsecured HTTP request if the referring resource was accessed with a secure protocol.

In other words, it's not guaranteed that this Referer header is set. One can of course choose to remove the query parameter.

aendrukOP1y ago

Yes, that’s the part about interactions and consent. The intent then is to circumvent that? A case of those pesky matters of security and respect for human dignity getting in the way of SEO?

j / k navigate · click thread line to collapse