tags:

views:

948

answers:

3
+3  Q: 

Does 301 redirect always preserve referrer?

I want to know whether 301 redirect always preserve referrer.

I make a page called "gotoorig_https.html" which contains a hyperlink to a page "orig_https.asp".
"orig_https.asp" will 301 redirect to "dest.html" which shows the document.referrer.

In this case, 

http page(gotoorig_https.html) -> orig_https.asp(301 redirect)-> https page (dest.html) <--the referrer preserves  
https page(gotoorig_https.html) -> orig_https.asp(301 redirect)-> https page (dest.html) <--the referrer preserves

I also make a page called "gotoorig_http.html" which contains a hyperlink to a page "orig_http.asp". "orig_http.asp" will 301 redirect to "dest.html" which shows the document.referrer.

In this case, 

http page(gotoorig_http.html) -> orig_http.asp(301 redirect)-> http page (dest.html) <--the referrer preserves  
https page(gotoorig_http.html) -> orig_http.asp(301 redirect)-> http page (dest.html) <--the referrer DOES NOT preserve.

Why does the last case happen?

A: 

Over https the browsers are not sending REFERRERS. This is in the RFC.

martin.malek  2009-09-09 08:26:26
Not true. Between HTTPS pages there is nothing in the spec about referer headers, but the spec does say they shouldn't be sent when switching between HTTP and HTTPS
blowdart  2009-09-09 08:31:41
+3  A: 

RFC doesn't specify any referrer-specific behavior in status 301 definition, nor 301-specific behavior in Referer header definition. Thus, I have to say that although this referrer-preserving behavior is logical, it is not defined in RFC and thus you can never be sure.

Michał Górny  2009-09-09 08:30:25
+1 for not relying on said behaviour. Referers can be faked too!
sybreon  2009-09-09 09:19:12
+4  A: 

When going between HTTP and HTTPS the HTTP spec says that a referer header should NOT be sent (see 15.1.3 in RFC2616). The spec doesn't say what should happen between HTTPS pages however.

Interestingly firefox defaults to ignoring the spec in this case, but can be made to conform by setting the network.http.sendSecureXSiteReferrer configuration setting.

blowdart  2009-09-09 08:31:01

related questions

Generic htaccess redirect www to non-www
Domain redirection to the same page and Google
Redirect Stdin and Stdout to File
Redirect all requests to ASP.NET MVC on IIS6
Firefox: visually flag redirect in address bar
.htaccess redirect performance
How to Show/Hide Panels before executing Response.Redirect
Redirect to a link using the default broswser in Windows Form based application
Cakephp redirect
What's the best way to automatically redirect someone to another webpage?
How to manage a redirect request after a JQuery Ajax call
Apache - Reverse Proxy and HTTP 302 status messsage
How do I POST from an iframe to another page outside the iframe?
Struts2 - How to do dynamic URL redirects?
How do I prevent ServerXMLHTTP from automatically following redirects (HTTP 303 See Other responses)?
How to create a GET request with parameters, using JSF and navigation-rules?
Best Way to Conditional Redirect?
Is there an easy way to request a URL in python and NOT follow redirects?
How to rewrite an URL on a JBoss server?
How to Implement a Redirect on All Requests (on certain conditions)?
Make apache automatically strip off the www.?
Redirect command to input of another in Python
Is it possible to use .htaccess to send six digit number URLs to a script but handle all other invalid URLs as 404s?
How do I get sun webserver to redirect from /
How do you redirect HTTPS to HTTP?