Y
Hacker News
new
|
ask
|
show
|
jobs
by
HughParry
504 days ago
Good shout. Can always block based on origin header though (when under the assumption that it's a legit browser) since it's a forbidden header name.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Or...
2 comments
kbolino
504 days ago
Neither the Origin nor the Referer headers have anything to do with a 301 redirect.
link
gruez
504 days ago
I just tested on firefox and it doesn't send the "Origin" header when using referrerpolicy="no-referrer". It's also not present when navigating using the url bar directly.
link