Is HTTP header Referer sent when going to a http page from a https page?

by

The HTTP RFC states, in section 15.1.3 Encoding Sensitive Information in URI’s :

Clients SHOULD NOT include a Referer
header field in a (non-secure) HTTP
request if the referring page was
transferred with a secure protocol.

So, this is expected / standard behaviour.

More Related Contents:

  1. How to redirect all HTTP requests to HTTPS
  2. How to redirect all HTTP requests to HTTPS using .htaccess rules?
  3. WS on HTTP vs WSS on HTTPS
  4. Are HTTP cookies port specific?
  5. In what cases will HTTP_REFERER be empty
  6. Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]
  7. How to allow http content within an iframe on a https site [duplicate]
  8. Will web browsers cache content over https
  9. Why am I suddenly getting a “Blocked loading mixed active content” issue in Firefox?
  10. Are HTTPS headers encrypted?
  11. With HTTPS, are the URL and the request headers protected as the request body is?
  12. Ideal HTTP cache control headers for different types of resources
  13. Is it safe to put a jwt into the url as a query parameter of a GET request?
  14. Username and password in https url
  15. If you use HTTPS will your URL params will be safe from sniffing? [duplicate]
  16. Should I hash the password before sending it to the server side?
  17. https URL with token parameter : how secure is it?
  18. Is it secure to submit from a HTTP form to HTTPS?
  19. How to fix HttpException: Connection closed before full header was received
  20. SSL Error: unable to get local issuer certificate
  21. curl – Is data encrypted when using the –insecure option?
  22. Is it OK to return a HTTP 401 for a non existent resource instead of 404 to prevent information disclosure?
  23. Why not use HTTPS for everything?
  24. Difference between CSRF and X-CSRF-Token
  25. How to send password securely via HTTP using Javascript in absence of HTTPS?
  26. Easy way to test a URL for 404 in PHP?
  27. Error “You’re accessing the development server over HTTPS, but it only supports HTTP”
  28. How to make an HTTP GET with modified headers?
  29. Avoid caching of the http responses
  30. My website got hacked.. What should I do? [closed]

Leave a Comment