1

I've noticed that if a foreign https: site links to my non-https site, that I don't get anything in the HTTP Referer header at all. I've experienced this with access.log, but I presume the same happens with JavaScript's document.referrer, too.

So, if the referrer is https, is there no way to get any information about it? Not even the hostname / domain name? Or is it possible to somehow get at least the domain, with JavaScript?

Also, I presume running my own site with https isn't going to solve this issue for me, correct?

cnst
  • 25,870
  • 6
  • 90
  • 122
  • check this http://webmasters.stackexchange.com/questions/47405/how-can-i-pass-referrer-header-from-my-https-domain-to-http-domains – user1914292 May 14 '13 at 19:48

2 Answers2

4

You should check this answer : Get referrer URL - visitors coming from Paypal (HTTPS)

In case your site uses HTTP (not HTTPS) and the referer uses HTTPS, there is no Referrer being sent!

HTTP RFC - 15.1.3 Encoding Sensitive Information in URI's states:

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

So the only way to get the Referrer is to use HTTPS on your site.

Community
  • 1
  • 1
RelevantUsername
  • 1,270
  • 8
  • 14
  • 3
    So, if I move my site to https, I will be getting ALL https referrers? Even inter-domain https referrers? – cnst May 14 '13 at 20:12
  • yes you can get inter-domain https referrers too if you're using HTTPS. I just practiced and commented here – Dev Matee May 16 '19 at 04:33
1

To get the document.referrer, You can use either of the options below:

  1. You Need to convert your HTTP site to HTTPS.

  2. Or you can add the below simple meta tag in your HTTPS site.

    <meta name="referrer" content="always">

Community
  • 1
  • 1
RUDRA PRATAP DALAI
  • 31
  • 4