Just ran this through Fiddler on IE6

It appears that IE only sends the hash back to the originating server. That's a relief!

On May 13, 2009, at 11:10 AM, Brian Eaton wrote:

On Wed, May 13, 2009 at 10:54 AM, Paul Lindner <[email protected]> wrote:
IE.. Here's the distribution for 10k requests with a referer with hashdata:

Just tested IE 6, didn't send a fragment for me.  People have built
entire web authentication and session management systems based on
browsers not sending fragments in referer headers (search for
webkeys).

Are you sure that you're seeing real fragments in those referer
headers?  Maybe somebody is including a URI encoded # character in the
query string, and your logs are reporting that as a real '#'
character?

I'd love a reproducible test case for this.
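
An added example, not part of the original thread: one way to check the hypothesis raised above, by classifying Referer values captured raw (before any URL decoding, which is an assumption about the capture point) and showing that a decoding log pipeline renders a literal fragment and an encoded `%23` the same way. The sample values and function names are constructed for illustration.

```python
from collections import Counter
from urllib.parse import unquote

# Constructed sample Referer values, as captured raw (before any URL decoding).
SAMPLE_REFERERS = [
    "http://example.com/page?q=1#section",   # literal '#': a real fragment was sent
    "http://example.com/page?q=a%23b",       # encoded '#' inside the query string
    "http://example.com/page?q=1",           # no hash at all
    "http://example.com/page?tag=%23x#top",  # both forms present
]

def classify_referer(raw):
    """Classify a raw Referer value by how a '#' could end up in a log."""
    if "#" in raw:
        return "literal-fragment"   # the browser really sent a fragment
    if "%23" in raw:
        return "encoded-hash"       # only looks like a fragment after decoding
    return "no-hash"

def logged_view(raw):
    """What a log pipeline that percent-decodes URLs would record."""
    return unquote(raw)

def summarize(referers):
    """Count classifications across a batch of raw Referer values."""
    return Counter(classify_referer(r) for r in referers)

if __name__ == "__main__":
    for raw in SAMPLE_REFERERS:
        print(f"{classify_referer(raw):17} raw={raw!r} logged={logged_view(raw)!r}")
    print(dict(summarize(SAMPLE_REFERERS)))
```

Only the `literal-fragment` count is evidence that a browser sent a fragment; `encoded-hash` entries are query-string data that a decoded log makes indistinguishable from one.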
