Comment by giancarlostoro

6 hours ago

Quoting web standards, you are more optimistic than I am, unfortunately, nobody uses them consistently or accurately (look at PUT vs POST for create / update as a really good example of this - nobody agrees) its a shame too, there's a lot of richness to the web spec. Most people don't even use "HEAD" to ensure they aren't making wasteful REST calls if they already have the data.

3 comments

giancarlostoro

Reply
afandian  3 hours ago

I was replying to

> All the big products put an intermediary for that reason

Surely whoever maintains the big products can add headers if they want?

And this is about people who care enough about not showing up in Referer headers to do something about it rather than people in general not understanding the full spec .

  • giancarlostoro  1 hour ago

    The other problem is if you're too big like Google, you cannot assume everyone will honor this, which is why they do these redirects.

    • afandian  38 minutes ago

      Referrer-Policy is a response header, so in this case it would be Google sending it, and the browsers who would be honouring it. You have to hope that the browser makers get it correct... Unless I misunderstood?