On Oct 30, 2012, at 11:19 AM, Julian Reschke <[email protected]> wrote:
> On 2012-10-30 10:57, Anne van Kesteren wrote: >> On Tue, Oct 30, 2012 at 10:46 AM, Florian Bösch <[email protected]> wrote: >>> The specification states that "Prefetch requests must not include >>> cookies." which is not an effective measure to prevent user profiling. >> >> I suspect it's to reduce the size of the request. > > -> > <http://tools.ietf.org/html/draft-nottingham-http-browser-hints-04#section-5.10> Pre-fetch has a "must not" for omitting cookies, whereas browser hints are optional. I tend to agree with this being a "must not" requirement. ~Brady
