Re: Netscape Referer header considered harmful?
Eric Murray (ericm@LNE.COM)
Wed, 06 Aug 1997 12:47:49 -0700
Ronald L. Parker writes:
> I found something I consider mildly disturbing while browsing my
> referer log stats today. Viewers to our site today have been referred
> from the following URLs:
>
> file:///Hard%20Disk/System%20Folder/Preferences/Netscape%20%C4/Bookmar
> s.html
> file:C:\NETSCAPE\COMM\PROGRAM\USERS\DEFAULT\BOOKMARK.HTM
> file:///molly's%20bookmarks/molly's%20bookmarks
>
> As you can see, this is a cross-platform problem. What I don't know
> is whether these were sent by people just picking the bookmark from
> the dropdown or by people using their bookmarks file as a home page.
> Not having Communicator myself, and not planning to get it any time
> soon, I can't test this. In any case, file: URLs should be private.
[why leaking Referrer is bad]
Check out my 'cookie jar' program. It blocks cookies, ads
and Referrer (and it'll lie about User-Agent if you wish).
http://www.lne.com/ericm/cookie_jar/
--
Eric Murray Chief Security Scientist N*Able Technologies www.nabletech.com
(email: ericm at lne.com or nabletech.com) PGP keyid:E03F65E5