On Sat, Aug 11, 2012 at 3:51 AM, <field...@apache.org> wrote: > Author: fielding > Date: Sat Aug 11 07:51:52 2012 > New Revision: 1371878 > > URL: http://svn.apache.org/viewvc?rev=1371878&view=rev > Log: > Apache does not tolerate deliberate abuse of open standards
I've come around on this one over time. While I appreciate the message/intent, I don't think this is reasonable for the default configuration because it errs on the side of ditching a privacy header and information loss for a (sensitive) header that we're not yet interpreting. IMO it's enough even without this specific DNT text: "An HTTP intermediary must not add, delete, or modify the DNT header field in requests forwarded through that intermediary unless that intermediary has been specifically installed or configured to do so by the user making the requests. For example, an Internet Service Provider must not inject DNT: 1 on behalf of all of their users who have not selected a choice." I'd like to revert it, but this is not yet a veto. I'd like to hear what others think and would appreciate an ACK from Roy/Greg/Jim who voted for the backport to avoid any churn.
