User:Apking/Web Security Guidelines

= Referrer Policy =

When a user navigates to a site via a hyperlink, or a webpage includes an external resource, browsers tell the destination site where the request came from through the HTTP <tt>Referer</tt> (sic) header. Although this can be useful for a variety of purposes (analytics, hotlink protection), it can also place the privacy of users at risk: the full URL of the referring page, including any path or query string, is disclosed to a third party. HTTP Referrer Policy, delivered as the <tt>Referrer-Policy</tt> response header or as a <tt>&lt;meta name="referrer"&gt;</tt> tag, allows sites to have fine-grained control over how browsers populate the <tt>Referer</tt> header. For example, if a page at https://example.com/page.html contains <tt>&lt;img src="https://not.example.com/image.jpg"&gt;</tt>, then the browser will send a request like this:


<pre>GET /image.jpg HTTP/1.1
Host: not.example.com
Referer: https://example.com/page.html</pre>


To reduce the exposure of this information, it is recommended that websites use HTTP Referrer Policy either to eliminate the <tt>Referer</tt> header entirely (<tt>no-referrer</tt>) or to reduce the amount of information it contains, for example by sending only the origin (<tt>https://example.com/</tt>) rather than the full URL on cross-origin requests.
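The following is an added example, not part of the original guideline text, to make concrete what each Referrer Policy value does to the request shown above. It is a small model of the W3C Referrer Policy algorithm: given a policy value, the referring page URL and the destination URL, <tt>computeReferrer()</tt> returns the <tt>Referer</tt> value a conforming browser would send, or <tt>null</tt> for no header. The function names and the sample URLs (<tt>PAGE</tt>, <tt>IMAGE</tt>) are constructed for the example; the model covers the policy values only and ignores how browsers combine the header, <tt>&lt;meta&gt;</tt> and per-element <tt>referrerpolicy</tt> attributes, and the spec's referrer length cap.

```javascript
// Added example: a model of how a browser derives the Referer header for a
// request from page `fromUrl` to resource `toUrl` under a Referrer-Policy value.
// Assumptions: Node.js (global URL class); function names are illustrative.

const POLICIES = new Set([
  'no-referrer', 'no-referrer-when-downgrade', 'origin',
  'origin-when-cross-origin', 'same-origin', 'strict-origin',
  'strict-origin-when-cross-origin', 'unsafe-url',
]);

// "Full" referrer: the URL with credentials and fragment removed.
// Browsers never leak user:pass@ or #fragment in Referer under any policy.
function strippedUrl(u) {
  const url = new URL(u);
  url.username = '';
  url.password = '';
  url.hash = '';
  return url.href;
}

// "Origin-only" referrer: scheme://host[:port]/ (serialised with a trailing slash).
function originOf(u) {
  return new URL(u).origin + '/';
}

// A downgrade is a request from a TLS-protected page to a non-TLS destination.
function isDowngrade(fromUrl, toUrl) {
  const from = new URL(fromUrl).protocol;
  const to = new URL(toUrl).protocol;
  return (from === 'https:' || from === 'wss:') && (to === 'http:' || to === 'ws:');
}

function sameOrigin(fromUrl, toUrl) {
  return new URL(fromUrl).origin === new URL(toUrl).origin;
}

// Returns the Referer value the browser would send, or null for no header.
function computeReferrer(policy, fromUrl, toUrl) {
  if (!POLICIES.has(policy)) throw new Error(`unknown Referrer-Policy value: ${policy}`);
  const full = strippedUrl(fromUrl);
  const origin = originOf(fromUrl);
  const downgrade = isDowngrade(fromUrl, toUrl);
  const same = sameOrigin(fromUrl, toUrl);

  switch (policy) {
    case 'no-referrer':                return null;
    case 'unsafe-url':                 return full;              // leaks path + query everywhere
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'origin':                     return origin;
    case 'strict-origin':              return downgrade ? null : origin;
    case 'same-origin':                return same ? full : null;
    case 'origin-when-cross-origin':   return same ? full : origin;
    case 'strict-origin-when-cross-origin':            // browser default since ~2020
      if (same) return full;
      return downgrade ? null : origin;
    default: throw new Error('unreachable');
  }
}

// Render the request the way the guideline shows it, so the effect is visible.
function renderRequest(policy, fromUrl, toUrl) {
  const to = new URL(toUrl);
  const lines = [`GET ${to.pathname}${to.search} HTTP/1.1`, `Host: ${to.host}`];
  const ref = computeReferrer(policy, fromUrl, toUrl);
  if (ref !== null) lines.push(`Referer: ${ref}`);
  return lines.join('\n');
}

// Constructed sample inputs: the page/image pair from the text, with a query
// string and fragment added to show what each policy strips.
const PAGE = 'https://example.com/page.html?user=alice#section';
const IMAGE = 'https://not.example.com/image.jpg';
const HTTP_IMAGE = 'http://not.example.com/image.jpg';

for (const policy of POLICIES) {
  console.log(`--- Referrer-Policy: ${policy} (https -> https)`);
  console.log(renderRequest(policy, PAGE, IMAGE));
  console.log(`--- Referrer-Policy: ${policy} (https -> http)`);
  console.log(renderRequest(policy, PAGE, HTTP_IMAGE));
}
```

Run it with <tt>node</tt> to see, for each policy, the request that would hit <tt>not.example.com</tt>. The practical takeaway matches the recommendation above: <tt>no-referrer</tt> removes the header, <tt>strict-origin-when-cross-origin</tt> (the current browser default) reduces it to <tt>https://example.com/</tt> for cross-origin loads and drops it entirely on an https-to-http downgrade, while <tt>unsafe-url</tt> and <tt>no-referrer-when-downgrade</tt> ship the full path and query string to the third party.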