In message <3351F2DF.7DC26A1A@netscape.com>you write: ...
In the eyes of some, the referer header is a privacy violation. It allows a site to see what site you visited before coming there. In the case of Navigator, we ONLY send the referer header when you click on a link. Not when you select a bookmark. Not when you type a URL into the location field. This allows web sites to see who links to them. I think that's something that a web author is entitled to know.
Tom, <ignoring personal privacy issues> I am concerned that the referer field could be a major corporate security leak. In particular, many companies are now using the web for internal project documentation. The URLs often contain project code words or code names. If a project wishes to to establish links to competitors for purposes of benchmarking, or to suppliers, the referer field would leak those code words and/or project organization. In most security handbooks this is a breach of project security. Unfortunately, you (the commercial web community) are creating entitlements which the user community is likely to disagree with strongly. My newspaper does not have an entitlement to know which pages I read, the advertisers in the newspaper do not have entitlements to the knowledge of which ads I scan. Assumption of such entitlements in the web environment will inevitably lead to privacy violations, security leaks and legal action. -Bryan