On Wed, 14 May 2008, Bjoern Hoehrmann wrote: > > Note that there are more headers on the list than the ones listed above, > specifically Proxy-*, Sec-*, and it is unclear how to handle, say, the > Cookie and Authorization header.
I think I would lump the Cookie, Cookie2, and Authorization headers in the same bucket as, e.g., Host -- these are headers that the UA should be setting and not headers that should be under author control. Incidentally, I think I would recommend removing the blacklist from AC, since AC has a whitelist. Having both seems pointless. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'