The HTTP RFC states, in section 15.1.3 Encoding Sensitive Information in URI’s :
Clients SHOULD NOT include a Referer
header field in a (non-secure) HTTP
request if the referring page was
transferred with a secure protocol.
So, this is expected / standard behaviour.
More Related Contents:
- How to redirect all HTTP requests to HTTPS
- How to redirect all HTTP requests to HTTPS using .htaccess rules?
- WS on HTTP vs WSS on HTTPS
- Are HTTP cookies port specific?
- In what cases will HTTP_REFERER be empty
- Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]
- How to allow http content within an iframe on a https site [duplicate]
- Will web browsers cache content over https
- Why am I suddenly getting a “Blocked loading mixed active content” issue in Firefox?
- Are HTTPS headers encrypted?
- With HTTPS, are the URL and the request headers protected as the request body is?
- Ideal HTTP cache control headers for different types of resources
- Is it safe to put a jwt into the url as a query parameter of a GET request?
- Username and password in https url
- If you use HTTPS will your URL params will be safe from sniffing? [duplicate]
- Should I hash the password before sending it to the server side?
- https URL with token parameter : how secure is it?
- Is it secure to submit from a HTTP form to HTTPS?
- How to fix HttpException: Connection closed before full header was received
- SSL Error: unable to get local issuer certificate
- curl – Is data encrypted when using the –insecure option?
- Is it OK to return a HTTP 401 for a non existent resource instead of 404 to prevent information disclosure?
- Why not use HTTPS for everything?
- Difference between CSRF and X-CSRF-Token
- How to send password securely via HTTP using Javascript in absence of HTTPS?
- Easy way to test a URL for 404 in PHP?
- Error “You’re accessing the development server over HTTPS, but it only supports HTTP”
- How to make an HTTP GET with modified headers?
- Avoid caching of the http responses
- My website got hacked.. What should I do? [closed]