- From: Liam Quinn <liam@htmlhelp.com>
- Date: Wed, 3 Sep 2003 21:53:54 -0400 (EDT)
- To: Norbert Veber <nveber@pyre.virge.net>
- Cc: www-validator@w3.org
On Wed, 3 Sep 2003, Norbert Veber wrote: > On Mon, Sep 01, 2003 at 11:00:00PM -0400, Liam Quinn wrote: > > Linking to <http://validator.w3.org/check/referer> depends on the browser > > to send the Referer header, which browsers generally don't send when > > requesting an insecure page from a secure one. > > Ah, I didnt know that. Is this documented further someplace? I just > wonder what the rationale is.. Yes, it's in the HTTP/1.1 specification: Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol. http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html#sec15.1.3 -- Liam Quinn
Received on Wednesday, 3 September 2003 21:52:30 UTC