Referer is passed from HTTPS to HTTP in some cases… How?

In theory browsers do not pass on referer information from HTTPS to HTTP sites. And in my experience this has always been true. But I just found an exception, and I want to understand why it works so I can use it as well.

Search for “what is my referer” on

There are a few sites that will show referer. They all seem to “work” when they shouldn’t. For example, click the one. I get:

 Your referer:

Note that sometimes, rarely, I get “no referer” as the result. Go back and click the link again and it’ll “work” the next time.

This should not happen. is a non-HTTPS site. The referer header should not be being passed, but it is.

What’s going on here, and how can I do the same from my HTTPS site to the HTTP sites I’m linking to?


Leave a Reply