On Mon, Jul 28, 2014 at 8:34 PM, Ian Hickson <i...@hixie.ch> wrote: > What's the use case here? Why are we trying to send custom headers on a > <link>?
E.g. for <img> and such you want to turn authentication dialogs off. Cross-origin images can be fine, but not if they start spawning confusing dialogs to users making them leak passwords. -- http://annevankesteren.nl/