Site1 offers the possibility to open Site2 in another window through a button. Site2 checks document.referrer. As long as Site1 and Site2 are using HTTP everything works fine, and the referrer attribute contains the URL of Site1.

If Site1 runs with SSL (), but Site2 doesn't, the referrer is suddenly empty.

JS Client code on

window.open("", "mySite2")

The Site2 checks the referrer in the JS client code by:

document.referrer

Which turns out to be empty.

My Question: Is this a Javascript problem or an Nginx problem? Why is the referrer empty when using HTTPS on Site1 ?

Again, if both sites are using HTTP, everything works just fine. The referrer just doesn't get passed on the Site2 is Site1 is using HTTPS.

Site1. offers the possibility to open Site2. in another window through a button. Site2. checks document.referrer. As long as Site1. and Site2. are using HTTP everything works fine, and the referrer attribute contains the URL of Site1..

If Site1. runs with SSL (https://site1.), but Site2. doesn't, the referrer is suddenly empty.

JS Client code on https://site1.

window.open("http://site2.", "mySite2.")

The Site2. checks the referrer in the JS client code by:

document.referrer

Which turns out to be empty.

My Question: Is this a Javascript problem or an Nginx problem? Why is the referrer empty when using HTTPS on Site1. ?

Again, if both sites are using HTTP, everything works just fine. The referrer just doesn't get passed on the Site2. is Site1. is using HTTPS.

• javascript
• nginx
• https
• http-headers

• pass it as a url get param – dandavis Commented Mar 17, 2014 at 20:23

2 Answers 2

Neither. It is browsers security policy. They do not send referrer when go from secure site to non-secure.

According to HTTP 1.1 protocol.

Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure

Here is the policy.

You can not referrer on https to site using http. Referrer will get from

https to https or http to https.