从https页面转到http页面时是否发送了HTTP标头Referer? [英] Is HTTP header Referer sent when going to a http page from a https page?
本文介绍了从https页面转到http页面时是否发送了HTTP标头Referer?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
经过几次测试后,我开始得出这样的结论:浏览器在点击https网页的http页面时不会发送Referer HTTP标头。
After a few tests, I'm starting to reach the conclusion that a browser does not send a Referer HTTP header when one clicks to a http page from a https one.
这有什么安全理由?是在标准的某个地方定义的吗?
What security reason is that for? Is is defined somewhere in the standard?
推荐答案
HTTP RFC 声明在 15.1.3在URI中编码敏感信息:
客户不应包含Referer $如果引用页面是使用安全协议传输的
,则为(非安全)HTTP
请求中的b $ b头字段。
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
所以,这是预期/标准行为。
So, this is expected / standard behaviour.
这篇关于从https页面转到http页面时是否发送了HTTP标头Referer?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文