Day 33 of 100DaysOfSpec, Resource metadata management
I am reading and taking notes on the HTML specifications for 100 days as part of #The100DayProject. Read the initial intent/backstory. I am a Microsoft employee but all opinions, comments, etc on this site are my own. I do not speak on behalf of my employer, and thus no comments should be taken as representative of Microsoft's official opinion of the spec. Subsections not listed below were read without comment.
Currently reading in 3.1.2 Resource metadata management.
3.1.2 Resource metadata management
"In the case of HTTP, the referrer IDL attribute will match the Referer (sic) header that was sent when fetching the current page." From reading elsewhere, it does indeed seem that the referrer value can't be changed directly in a scripting language, like Javascript. You can modify the user's browsing history, though (history.pushState(), history.replaceState()), basically accomplishing the same thing.
Non-normative note on cookies: "If the contents are sandboxed into a unique origin (e.g. in an iframe with the sandbox attribute), a SecurityError exception will be thrown on getting and setting."
Some documents are said to be "cookie averse": those with no "browsing context" (so that's N/A to a web page you navigate to in a browser) and with an address lacking a "server-based naming authority". I'm unsure of what would be an example of a document that is inherently cookie averse—can't seem to find a use case other than user-disabled cookies—so probably this is not something to worry about as a web dev, but possibly as a UA.
document.lastModified is returned in the user's time zone.