Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

POSTs and HTTPs are good, but here's a few other ideas:

1) Embed the images in iframes, which are then embedded in the page. The iframes will swallow the referrer, so provided they are hosted somewhere where logs are discarded then it should be fine (I'd want to cross-browser test this before relying on it though).

2) If the browser supports data: URIs, then embed the image in the page. Obviously this might have some costs, but you could do it for HTTPS only perhaps?

3) Request the images in Base64 encoded form (or binary strings) via XMLHttpRequest after the page has loaded. You can overwrite the Referrer header in XMLHttpRequest

4) Preload the images BEFORE the search is done (ie, on the search page). With appropriate headers Amazon won't see a request (this won't work from the browser bar, though. I could imagine some ways around that, but I'm not sure they are worth it)



> 1) Embed the images in iframes, which are then embedded in the page. The iframes will swallow the referrer, so provided they are hosted somewhere where logs are discarded then it should be fine (I'd want to cross-browser test this before relying on it though).

https will swallow referer automatically.


Which is why I said "..HTTPS is a good idea".

There are valid reasons why serving everything under HTTPS isn't always a good idea. The obvious one is CPU cost, but cache performance can also be affected. See, for example: http://blogs.msdn.com/ieinternals/archive/2010/04/21/Interne...

http://blog.pluron.com/2008/07/why-you-should.html

(I'm not saying that https isn't the best option. I'm just pointing out other options that can work with plain http.)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: