When we load any image or other resources on any webpage, it sometimes send an HTTP header that identifies the URL of the webpage. But for iframe-based canvas applications on Facebook the URL of the iframe may contain UID of the user. To overcome inadvertently sharing this information via the HTTP Referrer header, Facebook would be offering encryption services for user IDs in the near future.