We're #1 on Hacker News at the moment!

[Eugene Wissner]

On Tuesday, 28 April 2020 at 12:58:15 UTC, SashaGreat wrote:
> On Tuesday, 28 April 2020 at 12:52:54 UTC, WebFreak001 wrote:
>> On Tuesday, 28 April 2020 at 12:49:39 UTC, SashaGreat wrote:
>>> On Tuesday, 28 April 2020 at 11:43:28 UTC, Walter Bright 
>>> wrote:
>>>> The reason for the non-specific link is your votes aren't 
>>>> counted if you access it with the specific one.
>>>
>>> How do you know that?
>>>
>>> I mean this seems a bit awkward, because if you say is true, 
>>> I'm pretty sure they would know this by setting something 
>>> trough cookies, so if I access the direct link then go to 
>>> main page and finally go back to the link it would work? This 
>>> sound crazy!
>>
>> If they do it, they can just look if you came from the 
>> homepage because the browser sends where you came from 
>> (Referer header)
>
> Will this work even if Not Tracking is enabled?
>
> If it's the case then just refreshing or open the link in 
> another page would clear the Referrer Header right?
>
> S.

Firefox 76 not tracking mode: The Referer header contains only 
the domain and not the complete URL.

You can disable the Referer header completely, but you probably 
shouldn't; Referer makes it possible to implement cookie-free 
csrf protection. At least sending the domain if you don't change 
the domain - is a good idea (so leave Referer empty if you are 
coming from another site, otherwise send the current domain or 
the complete URL).

Just refreshing the page, doesn't clear the Referer.

To make things more privacy-friendly the Origin header was 
introduced, which behaves similar to the Referer in "not tracking 
mode", but my Firefox doesn't seem to send it (not sure if the 
defaults are different nowadays).