Hacker News new | past | comments | ask | show | jobs | submit login

Also in response to this original suggestion (months ago on reddit), I started serving all images over https. I do not think the referer is sent in plain text, e.g. http://stackoverflow.com/questions/499591/are-https-urls-enc...



I think the combination of a POST instead of a GET and the images via https should be pretty much bullet proof. If someone is stupid enough to re-enable GET requests for their https connections they have only themselves to blame if there is any leakage to the target sites.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: