Referrer Securer

Posted on 16/8/2006 by john

Did you know that Firefox (and Epiphany) don’t send referrers when following a link from an SSL encrypted site? The target site cannot tell whether you clicked a link or typed the url in directly.

I don’t know about other browsers, but this seems like a sane behaviour.

This entry was posted in Security, Tech and tagged , , , , , , , , , . Bookmark the permalink.

One Response to Referrer Securer

  1. Matthew M. Boedicker says:
    17/8/2006 at 03:03

    That’s the recommendation in section 15.1.3 of http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html

    Clients SHOULD NOT include a Referer header field in a (non-secure) HTTPrequest if the referring page was transferred with a secure protocol.

    If I recall correctly, IE does send the referrer when going from SSL to non-SSL.

    Reply

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>