A couple of good questions I have seen, and my best attempt to answer them:

1. Don't you mean rel? No, I mean rev. It indicates a reverse link.

2. Why not make your URLs short in the first place? I happen to like my URLs and have made them as short as I want them. They're only too long in some very specific use cases, like Twitter. I could just complain about Twitter, or I could support an idea that makes URL shortening suck less. I chose the latter.

Thanks for reading, and please do feel free to criticize whatever you think is wrong with this idea. I'd like a way to indicate a preferred short URL for my own stuff, and this seems like a pretty good way to do it that makes sense semantically and is easy to implement. For an ongoing discussion about adding an HTTP header to do the same thing (so that only a HEAD request is required), read here:

http://shiflett.org/blog/2009/apr/a-rev-canonical-http-header

The safeguard you're describing protects against CSRF and has nothing to do with XSS.

What new security techniques have you applied to your coding practices to try and remove the likelihood of security flaws? What do you feel that you do differently to others in the market, and do you feel that you can learn from someone else? Are there automatic programs/techniques (that you would recommend) and that we (i.e the rest of the industry) can use in our coding ?