Piggybacking off of this post, I'd like to take the opportunity to remind people of the security hazards of referrer addresses and keeping sensitive information out of your query parameters. If you have third-party images or third-party links on your site, sensitive user information is leaked through the referrer address if the data is in your GET parameters. If you have an OAuth scheme, double check to make sure you don't have external links or third-party images in your login/redirect/authentication process. Sensitive information should ALWAYS be sent via POST request and your referer policy should be set appropriately. Read more here: <a href="https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns" rel="nofollow">https://developer.mozilla.org/en-US/docs/Web/Security/Refere...</a>
I just love it when I enter a store and someone who followed me goes and tells the seller all the shops I visited, what I shopped, for how long, what I searched and what I read.<p>We have to stop this nonsense, and stop calling this « innovation ».
I don't get the point of this in a client script. What does it do that can't be done server side with the HTTP headers? Maybe it can be useful inside SPAs, but this sort of info should be immutable and read-only, which is next to impossible on front-facing apps.
I've been looking at the Chameleon extension recently. Anyone have any experience with it? Apparently it spoofs a ton of stuff to make tracking harder.
This seems pretty fragile. I visited first from Feedly and then from HN and both times it counted my visit as "direct" (i.e. no referrer).<p>Or is this just Firefox kicking ass?
Your source is: direct visit.<p>No, I clicked a link from 2 different domains (my rss reader and here) - so that means my browser privacy addons work? :)