nelhage · December 12, 2012 01:00
diff --git a/nopaste.txt b/nopaste.txt
 Normally, this header is included in most HTTP requests (and
 preserved across HTTP-level redirects), except in the following
 scenarios:
 â After organically entering a new URL into the address bar or
  opening a bookmarked page.
 â When the navigation originates from a pseudo-URL document, such
  as data: or javascript:.
 â When the request is a result of redirection controlled by the
   Refresh header (but not a Location-based one).
 â Whenever the referring site is encrypted but the requested page
  isnât.  According to RFC 2616 section 15.1.2, this is done for
  privacy reasons, but it does not make a lot of sense. The
  Referer string is still disclosed to third parties when one
  navigates from one encrypted domain to an unrelated encrypted
  one, and rest assured, the use of encryption is not synonymous
  with trustworthiness.
 â If the user decides to block or spoof the header by tweaking
  browser settings or installing a privacy-oriented plug-in.
	Normally, this header is included in most HTTP requests (and
	preserved across HTTP-level redirects), except in the following
	scenarios:
	â After organically entering a new URL into the address bar or
	opening a bookmarked page.
	â When the navigation originates from a pseudo-URL document, such
	as data: or javascript:.
	â When the request is a result of redirection controlled by the
	Refresh header (but not a Location-based one).
	â Whenever the referring site is encrypted but the requested page
	isnât. According to RFC 2616 section 15.1.2, this is done for
	privacy reasons, but it does not make a lot of sense. The
	Referer string is still disclosed to third parties when one
	navigates from one encrypted domain to an unrelated encrypted
	one, and rest assured, the use of encryption is not synonymous
	with trustworthiness.
	â If the user decides to block or spoof the header by tweaking
	browser settings or installing a privacy-oriented plug-in.