sylvinus
commented
8 years ago It seems that adding <meta name="referrer" content="origin"> may be a solution: https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-state-origin
Closed sylvinus closed 8 years ago
sylvinus
commented
8 years ago It seems that adding <meta name="referrer" content="origin"> may be a solution: https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-state-origin
hjacobs
commented
8 years ago The Referrer Policy looks like a good solution to me. It seems to be supported in the "important" browsers: http://caniuse.com/#feat=referrer-policy
wumpus
commented
8 years ago I think it's important to default not showing search terms to the destination. That's what the overwhelming majority of search clicks are like today. Referer policy is a way to do that. Isn't that what DDG is currently doing? I'm not sure if that can ever leak, although of course less popular browsers may not have it implemented.
sylvinus
commented
8 years ago Yes, DDG is doing that. Users with older browsers will have much more serious privacy issues than this one anyway so adding the tag should be enough indeed!
Google (by default?) and DuckDuckGo (optionally?) seem to do this with a redirect.
Should we do this by default as well? (At the moment we don't have any way of storing user settings.)
My own opinion is that it breaks the web a little bit, and if users are particularly worried about that they can install browser extensions to hide referrers completely. Open for debate!