This article was previously published under Q178066
When linking from one document to another in Internet Explorer 4.0 and later, the Referer header will not be sent when the link is from an HTTPS page to a non-HTTPS page. The Referer header also will not be sent when the link is from a non-HTTP(S) protocol, such as file://, to another page.
The Referer header is a standard HTTP header in the form of "Referer:<URL>," which indicates to a Web server the URL of the page that containedthe hyperlink to the currently requested URL. When a user clicks on a linkon "http://example.microsoft.com/default.htm" to"http://example.microsoft.com/test.htm," the theoreticalexample.microsoft.com Web server will be sent a referer header of the form"http://example.microsoft.com".
However, Internet Explorer will not send the Referer header in situationsthat may result in secure data being sent accidentally to unsecured sites.For example, Internet Explorer will not send the Referer header for eachof the following example hyperlinks from one document URL to anotherdocument URL:
This prevents local file names from being sent inadvertently to Web serverswhen linking from local content to Web sites that might snoop on suchinformation. Also, many secure (HTTPS) Web servers store secure informationsuch as credit-card data in the URL during a GET request to a CGI or ISAPIserver application. This information can be unwittingly sent in theReferer header when linking out of an "https://" server to an "http://" server elsewhere on the Web. Internet Explorer attempts to prevent this badpractice by not sending the Referer header when transitioning from anHTTPS URL to a non-HTTPS URL.