| ▲ | IdiotSavage an hour ago | |
> Where you were before > news.ycombinator.com This has always bothered me the most. I disabled the 'Referer' header once, but it breaks many websites. | ||
| ▲ | mwheelz an hour ago | parent [-] | |
The Referer header is the one that's hardest to opt out of cleanly, strip it at the network level and too many things break. Referrer-Policy lets the origin set the rule, but the visitor doesn't get to choose. There's a quiet move toward Referrer-Policy: strict-origin-when-cross-origin as a sane default in modern browsers but it's still origin-dictated, not visitor-dictated. | ||