繁體中文
/ English
journal
album
book
about
Subscribe
Activities Elsewhere
Title:
Body:
> Google recently [announced](http://googleblog.blogspot.com/2011/10/making-search-more-secure.html) that it will enable secure search for all the login users. More HTTPS usage is in general a good thing, but it does have a side effect: > >
> > Apparently [RFC 2616](http://tools.ietf.org/html/rfc2616) specifies that: > > > Clients SHOULD NOT include a Referer header field in a (non-secure) > > HTTP request if the referring page was transferred with a secure > > protocol. > > Makes sense. > > HTML5 also has a new ["noreferrer"](http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#link-type-noreferrer) (with the correct spelling this time) that can be used to instruct the browser to never send `HTTP_REFERER` to the destination URL. > > For my own amusements, I can still correlate those visits from Google with the landing page to guess what people are interested in when visit, so it's not too big of a deal.