Referrer Securer

Did you know that Firefox (and Epiphany) don’t send referrers when following a link from an SSL encrypted site? The target site cannot tell whether you clicked a link or typed the url in directly.

I don’t know about other browsers, but this seems like a sane behaviour.

Comments

That’s the recommendation in section 15.1.3 of http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTPrequest if the referring page was transferred with a secure protocol.

If I recall correctly, IE does send the referrer when going from SSL to non-SSL.

Leave a Reply