从https页面转到http页面时是否发送了HTTP标头Referer？ [英] Is HTTP header Referer sent when going to a http page from a https page?

问题描述

经过几次测试后，我开始得出这样的结论：浏览器在点击https网页的http页面时不会发送Referer HTTP标头。

After a few tests, I'm starting to reach the conclusion that a browser does not send a Referer HTTP header when one clicks to a http page from a https one.

这有什么安全理由？是在标准的某个地方定义的吗？

What security reason is that for? Is is defined somewhere in the standard?

推荐答案

HTTP RFC 声明在 15.1.3在URI中编码敏感信息：

客户不应包含Referer $如果引用页面是使用安全协议传输的
，则为（非安全）HTTP
请求中的b $ b头字段。

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.

所以，这是预期/标准行为。

So, this is expected / standard behaviour.

这篇关于从https页面转到http页面时是否发送了HTTP标头Referer？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！