On 2012-10-30 11:31, Brady Eidson wrote:
On Oct 30, 2012, at 11:19 AM, Julian Reschke <[email protected]> wrote:
On 2012-10-30 10:57, Anne van Kesteren wrote:
On Tue, Oct 30, 2012 at 10:46 AM, Florian Bösch <[email protected]> wrote:
The specification states that "Prefetch requests must not include
cookies." which is not an effective measure to prevent user profiling.
I suspect it's to reduce the size of the request.
->
<http://tools.ietf.org/html/draft-nottingham-http-browser-hints-04#section-5.10>
Pre-fetch has a "must not" for omitting cookies, whereas browser hints are
optional.
I tend to agree with this being a "must not" requirement.
That may be true, but still we shouldn't special-case certain URIs.
Best regards, Julian
