Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Does the current spec take into account that unscrupulous ISPs (I'm thinking about hotel WiFi in particular) can strip the header before forwarding a request to a server?


It says they shouldn't do that. But you are never going to see enforcement, stripping headers can be sold as "security" to hotels who have no clue what they are doing.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: