On Sun, Apr 5, 2015 at 9:04 PM, Bjoern Hoehrmann <derhoe...@gmx.net> wrote: > This issue came up several times in the past when people asked for in- > cluding proper rationale in the specification. The response was e.g. > > Because they are better handled by the user agent. Charsets and > encodings are transparent to the API and the user agent surely > knows Referer and User-Agent better. > > in <http://lists.w3.org/Archives/Public/public-webapi/2008May/0408>.
>From that thread I think https://lists.w3.org/Archives/Public/public-webapi/2008May/0456.html is much more telling and combined with your earlier email on Expect is why no action was taken at the time. I think we've learned since then that there might be some value in setting User-Agent as well that perhaps trumps the argument there. And setting Referer to a same-origin URL is probably harmless as well. (Especially since you can get mostly that effect anyway by using service workers.) -- https://annevankesteren.nl/
