undefined | Better HN

0 pointsHackbraten4y ago0 comments

> Some bloggers INCORRECTLY thought that HTTPS didn't secure the URL Flags. Correct fact: parameters passed in the URL like ?item=bla is encrypted

It’s still good practice to keep sensitive info out of URL query parameters, which often leak into server logs.

0 comments

detaro4y ago

And are (were, maybe modern browsers fixed that by now?) sent in HTTP Referers to linked sites, end up in browser history, ...

missblit4y ago

The current default for the Referer header is to send the complete referrer for same-origin requests, to send the origin for cross-origin requests, and to send nothing if going from HTTPS to HTTP.

This is customizable by setting the referrer policy: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Re...

j / k navigate · click thread line to collapse