Hi Joe, On 11/18/14, 6:21 PM, Joseph Lorenzo Hall wrote: > > (Incidentally, if something outside the browser inserts this header it > may be very difficult for the user to actually turn off, as well. I'm > not sure if that's something you've thought about. In DNT, there are > applications you can install that will insert that header for you on > each request (AVG does this).) If that is detected (and it is easily detected by comparing against a TLS request), the content provider is not likely to make use of the safe bit. In fact the content provider is in a good position to warn the user that this sort of thing is going on. Eliot
Attachment:
signature.asc
Description: OpenPGP digital signature