From 40f35044019a1680517f46ac6e37b8a48b300b9a Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 18 Oct 2022 08:40:24 +0200
Subject: [PATCH] CURLOPT_AUTOREFERER.3: highlight the privacy leak risk

Closes #9757
---
 docs/libcurl/opts/CURLOPT_AUTOREFERER.3 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/libcurl/opts/CURLOPT_AUTOREFERER.3 b/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
index c403b79856..e880eac263 100644
--- a/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
+++ b/docs/libcurl/opts/CURLOPT_AUTOREFERER.3
@@ -32,9 +32,13 @@ CURLOPT_AUTOREFERER \- automatically update the referer header
 CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AUTOREFERER, long autorefer);
 .fi
 .SH DESCRIPTION
-Pass a parameter set to 1 to enable this. When enabled, libcurl will
+Pass a long parameter set to 1 to enable this. When enabled, libcurl will
 automatically set the Referer: header field in HTTP requests to the full URL
 where it follows a Location: redirect.
+
+The automatic referer is set to the full previous URL even when redirects are
+done cross-origin or following redirects to insecure protocols. This is
+considered a minor privacy leak by some.
 .SH DEFAULT
 0, disabled
 .SH PROTOCOLS
-- 
2.47.3