Recently it became well-known that websites can leak information about a user based on if that user is logged in or not with this example that can demonstrate the issue. I’d recommend reading that page for a quick overview of how it can be done (but note that it is not the only way, as I will discuss below). So how can we properly prevent this information leak?