Well, given that we need to tell them what they are not allowed to do, vs what they they are allowed, we need some "Do-Not-X" standard convention for headers.
For example, I have my browser send all of these with each request:
Do-Not-Eat: 1
Do-Not-Insert-Into-Anus: 1
Do-Not-Do-Evil: 1
Do-Not-Chew-Loudly: 1
Do-Not-Forget-To-Bring-A-Towel: 1
Do-Not-Pee-Into-The-Wind: 1
Do-Not-Give-Me-Up: 1
Do-Not-Let-Me-Down: 1
Do-Not-Turn-Around: 1
Do-Not-Desert-Me: 1
Do-Not-Stab: 1
The last one I added just now because this article opened my eyes to this glaring omission.
For example, I have my browser send all of these with each request:
Do-Not-Eat: 1
Do-Not-Insert-Into-Anus: 1
Do-Not-Do-Evil: 1
Do-Not-Chew-Loudly: 1
Do-Not-Forget-To-Bring-A-Towel: 1
Do-Not-Pee-Into-The-Wind: 1
Do-Not-Give-Me-Up: 1
Do-Not-Let-Me-Down: 1
Do-Not-Turn-Around: 1
Do-Not-Desert-Me: 1
Do-Not-Stab: 1
The last one I added just now because this article opened my eyes to this glaring omission.