> you will want to know where that typo is ... you will want to know who it
I know you want to know those things. Find another way to handle those issues.
To be a "good reason", you need to show why your reason is worth paying the high price of betraying every user's browsing path to every server. Worrying about hotlinks and typos... "ain't the same fuckin' ballpark, it ain't the same league, it ain't even the same fuckin' sport".
> Any alternative would be much more intrusive.
Did you consider only serving that "large file" only when accompanied with a proper session cookie created when they loaded the HTML file? There are many solutions to those problems, including some that are sever-side-only.
I understand your concerns very well, but I have a different perspective. I don't modify my Referrer header. I want to let the websites I'm using where I came from. A referrer by itself is innocuous - only when you combine it with other nefarious techniques it wreaks havoc on users privacy. But on it's own, in an anonymous browser environment that I tend to use, it's actually quite useful.
I know you want to know those things. Find another way to handle those issues.
To be a "good reason", you need to show why your reason is worth paying the high price of betraying every user's browsing path to every server. Worrying about hotlinks and typos... "ain't the same fuckin' ballpark, it ain't the same league, it ain't even the same fuckin' sport".
> Any alternative would be much more intrusive.
Did you consider only serving that "large file" only when accompanied with a proper session cookie created when they loaded the HTML file? There are many solutions to those problems, including some that are sever-side-only.