You are currently offline, waiting for your internet to reconnect

INFO: Internet Explorer Does Not Send Referer Header in Unsecured Situations

This article was previously published under Q178066
SUMMARY
When linking from one document to another in Internet Explorer 4.0 and later, the Referer header will not be sent when the link is from an HTTPS page to a non-HTTPS page. The Referer header also will not be sent when the link is from a non-HTTP(S) protocol, such as file://, to another page.
MORE INFORMATION
The Referer header is a standard HTTP header in the form of "Referer:<URL>," which indicates to a Web server the URL of the page that containedthe hyperlink to the currently requested URL. When a user clicks on a linkon "http://example.microsoft.com/default.htm" to"http://example.microsoft.com/test.htm," the theoreticalexample.microsoft.com Web server will be sent a referer header of the form"http://example.microsoft.com".

However, Internet Explorer will not send the Referer header in situationsthat may result in secure data being sent accidentally to unsecured sites.For example, Internet Explorer will not send the Referer header for eachof the following example hyperlinks from one document URL to anotherdocument URL:
javascript:somejavascriptcode --> http://example.microsoft.comfile://c:\alocalhtmlfile.htm  --> http://example.microsoft.comhttps://example.microsoft.com --> http://www.microsoft.com					
This prevents local file names from being sent inadvertently to Web serverswhen linking from local content to Web sites that might snoop on suchinformation. Also, many secure (HTTPS) Web servers store secure informationsuch as credit-card data in the URL during a GET request to a CGI or ISAPIserver application. This information can be unwittingly sent in theReferer header when linking out of an "https://" server to an "http://" server elsewhere on the Web. Internet Explorer attempts to prevent this badpractice by not sending the Referer header when transitioning from anHTTPS URL to a non-HTTPS URL.
Header HTTP
Properties

Article ID: 178066 - Last Review: 02/09/2009 05:29:19 - Revision: 4.0

  • Microsoft Internet Explorer 4.0 128-Bit Edition
  • Microsoft Internet Explorer 4.01 Service Pack 2
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01
  • Microsoft Internet Explorer 5.5
  • Microsoft Internet Explorer (Programming) 6.0
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 6.0
  • kbinfo KB178066
Feedback