Murray S. Kucherawy wrote: > > > From: Richard Barnes [mailto:rbarnes@xxxxxxx] > > > > Seems like it depends on your definitions of "abusive" and > > "legitimate". Do you have an example? > > For a contrived example, let's say a registered HTTP header field > that's only ever found to be present in web pages used by bad actors, > but lots of them. Such as "P3P:" ? :-D -Martin http://www.h-online.com/security/news/item/Google-also-bypassed-cookie-settings-in-Internet-Explorer-1438781.html _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf