Wireshark-users: Re: [Wireshark-users] Referer from https

From: Maverick <myeaddress@xxxxxxxxx>
Date: Thu, 10 Feb 2011 13:41:32 -0500
Thanks Sake ,I really appreciate your answer and efforts.


On Thu, Feb 10, 2011 at 3:16 AM, Sake Blok <sake@xxxxxxxxxx> wrote:
> On 10 feb 2011, at 03:06, Stephen Fisher wrote:
>
>> On Wed, Feb 09, 2011 at 03:26:22PM -0500, Maverick wrote:
>>
>>> If a user is clicked on a link from an https site and that link isn't
>>> using ssl itself can we detect the refere information in that case.
>>
>> Yes, but then it isn't an "https" site and is instead an "http" site.
>
> Funny, I would have expected this to (a "https://xxx referer in the http request), but I just tested with Firefox and whenever I follow a link on an https page to a non-https page (either on the same site or a different site), there is just no "Referer:" header. I'm not sure how other browsers are dealing with this, so I checked the RFC[1]. It states in 15.1.3:
>
>
>   Clients SHOULD NOT include a Referer header field in a (non-secure)
>   HTTP request if the referring page was transferred with a secure
>   protocol.
>
>
> So there is your answer why you don't get the referer information.
>
> Cheers,
>
>
> Sake
>
> [1]  http://tools.ietf.org/html/rfc2616#section-15.1.3
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>