Assuming your library web server has a front-end proxy (I guess this is
pretty common) or at least runs inside Apache httpd or something, then
rather than use the HTML meta tag, it might be easier to set the "referer"
policy via the "Content-Security-Policy" HTTP header field.
https://w3c.github.io/webappsec/specs/content-security-policy/#content-security-policy-header-field
e.g. in Apache httpd with mod_headers:
Header set Content-Security-Policy referrer 'no-referrer'
On 12 June 2015 at 13:55, Frumkin, Jeremy A - (frumkinj) <
[log in to unmask]> wrote:
> Eric -
>
> Many thanks for raising awareness of this. It does feel like encouraging
> good practice re: referrer meta tag would be a good thing, but I would not
> know where to start to make something like this required practice. Did you
> have some thoughts on that?
>
> — jaf
>
> -----------------------------------------------------------
> Jeremy Frumkin
> Associate Dean / Chief Technology Strategist
> University of Arizona Libraries
>
> +1 520.626.7296
> [log in to unmask]
> ——————————————————————————————
> "A person who never made a mistake never tried anything new." - Albert
> Einstein
>
>
>
>
>
>
>
>
>
> On 6/11/15, 8:25 AM, "Eric Hellman" <[log in to unmask]> wrote:
>
> >
> http://go-to-hellman.blogspot.com/2015/06/protect-reader-privacy-with-referrer.html
> <
> http://go-to-hellman.blogspot.com/2015/06/protect-reader-privacy-with-referrer.html
> >
> >
> >I hope this is easy to deploy on library websites, because the privacy
> enhancement is significant.
> >
> >I'd be very interested to know of sites that are using it; I know Thomas
> Dowling implemented a referrer policy on http://oatd.org/ <
> http://oatd.org/>
> >
> >Would it be a good idea to make it a required practice for libraries?
> >
> >
> >Eric Hellman
> >President, Gluejar.Inc.
> >Founder, Unglue.it https://unglue.it/
> >http://go-to-hellman.blogspot.com/
> >twitter: @gluejar
>
|