HTML Standard Tracker

Diff (omit for latest revision)
Filter

Short URL: http://html5.org/r/1119

File a bug

SVNBugCommentTime (UTC)
1119Introducing the rel=noreferer proposal, and other referer header changes.2007-11-03 08:44
Index: source
===================================================================
--- source	(revision 1118)
+++ source	(revision 1119)
@@ -1034,14 +1034,16 @@
   title="dom-document-referrer"><code>referrer</code></dfn> attribute
   must return either the URI of the page which <span
   title="navigate">navigated</span> the <span>browsing context</span>
-  to the current document (if any), or the empty string (if there is
-  no such originating page, or if the UA has been configured not to
-  report referrers).</p>
+  to the current document (if any), or the empty string if there is no
+  such originating page, or if the UA has been configured not to
+  report referrers, or if the navigation was initiated for a
+  <span>hyperlink</span> with a <code
+  title="rel-noreferer">noreferer</code> keyword.</p>
 
   <p class="note">In the case of HTTP, the <code
   title="dom-document-referrer">referrer</code> DOM attribute will
-  match the <code>Referer</code> (sic) header that was sent when
-  fetching the current page.</p>
+  match the <code title="">Referer</code> (sic) header that was sent
+  when fetching the current page.</p>
 
 
   <p>The <dfn title="dom-document-cookie"><code>cookie</code></dfn>
@@ -28759,10 +28761,11 @@
 
   <p>User agents should allow the user to adjust this behaviour, for
   example in conjunction with a setting that disables the sending of
-  HTTP Referrer headers. Based on the user's preferences, UAs may
-  either <span>ignore</span> the <code title="attr-hyperlink-ping">ping</code>
-  attribute altogether, or selectively ignore URIs in the list
-  (e.g. ignoring any third-party URIs).</p>
+  HTTP <coe title="">Referer</code> headers. Based on the user's
+  preferences, UAs may either <span>ignore</span> the <code
+  title="attr-hyperlink-ping">ping</code> attribute altogether, or
+  selectively ignore URIs in the list (e.g. ignoring any third-party
+  URIs).</p>
 
   <p>For URIs that are HTTP URIs, the requests must be performed using
   the POST method (with an empty entity body in the request). User
@@ -28956,6 +28959,13 @@
     </tr>
 
     <tr>
+     <td><code title="rel-noreferer">noreferer</code></td>
+     <td><em>not allowed</em></td>
+     <td><span>Hyperlink</span></td>
+     <td>Requires that the user agent not send an HTTP <code title="">Referer</code> header if the user follows the hyperlink.</td>
+    </tr>
+
+    <tr>
      <td><code title="rel-pingback">pingback</code></td>
      <td><span title="external resource link">External Resource</span></td>
      <td><em>not allowed</em></td>
@@ -29354,6 +29364,21 @@
   the page.</p>
 
 
+  <h5>Link type "<dfn title="rel-noreferer"><code>noreferer</code></dfn>"</h5>
+
+  <p>The <code title="rel-noreferer">noreferer</code> keyword may be
+  used with <code>a</code> and <code>area</code> elements.</p>
+
+  <p>If a user agent follows a link defined by an <code>a</code> or
+  <code>area</code> element that has the <code
+  title="rel-noreferer">noreferer</code> keyword, the user agent must
+  not include a <code title="">Referer</code> HTTP header (or
+  equivalent for other protocols) in the request.</p>
+
+  <p class="note">The HTTP header is misspelt for historical reasons;
+  this keyword is misspelt for consistency.</p>
+
+
   <h5>Link type "<dfn title="rel-pingback"><code>pingback</code></dfn>"</h5>
 
   <p>The <code title="rel-pingback">pingback</code> keyword may be

|