从 https 页面转到 http 页面时是否发送了 HTTP 标头Referer? [英] Is HTTP header Referer sent when going to a http page from a https page?

问题描述

经过几次测试，我开始得出结论，当从 https 页面单击 http 页面时，浏览器不会发送 Referer HTTP 标头.

After a few tests, I'm starting to reach the conclusion that a browser does not send a Referer HTTP header when one clicks to a http page from a https one.

这是出于什么安全原因?是在标准中的某个地方定义的吗?

What security reason is that for? Is is defined somewhere in the standard?

推荐答案

HTTP RFC 声明，在 15.1.3 在 URI 中编码敏感信息部分 :

客户端不应包含Referer(非安全)HTTP 中的标头字段请求引用页面是否为使用安全协议传输.

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

所以，这是预期/标准行为.

So, this is expected / standard behaviour.

这篇关于从 https 页面转到 http 页面时是否发送了 HTTP 标头Referer?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！