Wireshark-users: Re: [Wireshark-users] Referer from https
From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 10 Feb 2011 09:16:05 +0100
On 10 feb 2011, at 03:06, Stephen Fisher wrote:

> On Wed, Feb 09, 2011 at 03:26:22PM -0500, Maverick wrote:
> 
>> If a user is clicked on a link from an https site and that link isn't 
>> using ssl itself can we detect the refere information in that case.
> 
> Yes, but then it isn't an "https" site and is instead an "http" site.

Funny, I would have expected this to (a "https://xxx referer in the http request), but I just tested with Firefox and whenever I follow a link on an https page to a non-https page (either on the same site or a different site), there is just no "Referer:" header. I'm not sure how other browsers are dealing with this, so I checked the RFC[1]. It states in 15.1.3:


   Clients SHOULD NOT include a Referer header field in a (non-secure)
   HTTP request if the referring page was transferred with a secure
   protocol.


So there is your answer why you don't get the referer information.

Cheers,


Sake

[1]  http://tools.ietf.org/html/rfc2616#section-15.1.3