Re: [users@httpd] HTTPS local site -> HTTP remote destination & referer pass-through

2011-12-15 Thread Christoph Pilka
Hi Tom et al. hm, OK. I've noticed that some sites do exactly what we need in our case: disobeying this "SHOULD NOT" in RFC 2616. E.g. I'm logged in at Facebook and click a link to one of the sites I have log access to. I'm using HTTPS at the Facebook site. The referer header appears within my

Re: [users@httpd] HTTPS local site -> HTTP remote destination & referer pass-through

2011-12-15 Thread Tom Evans
On Thu, Dec 15, 2011 at 10:59 AM, Christoph Pilka wrote: > Howdy, > > according to RFC 2616 chapter 15.1.3 "Clients SHOULD NOT include a Referer > header field in a (non-secure) HTTP request if the referring page was > transferred with a secure protocol" which makes sense in certain > circumsta

[users@httpd] HTTPS local site -> HTTP remote destination & referer pass-through

2011-12-15 Thread Christoph Pilka
Howdy, according to RFC 2616 chapter 15.1.3 "Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol" which makes sense in certain circumstances because of sensitive data the HTTPS request would hand over. But