[Flimm]

This is not correct. SSL only blanks referrals to non-HTTPS links, the referrer is passed by default to all HTTPS links.

Since HN is using HTTPS, this should be very easy to test by just clicking on this link: https://www.whatismyreferer.com/

Note that HN includes this line of HTML which affects the sent Referrer header:

    <meta name="referrer" content="origin">

[downandout]

I'll have to ask my friend about this...he was using SSL and had no referrers and they killed his account. He had no referrer policy tag. I know he was using a tracking script that he redirected traffic through as well, perhaps that was Http.

[cpach]

Interesting! Any idea why HN sets the referrer to origin?

[yahelc]

The HackerNews repo is gone (and thus the issue), but at one point this was a Github issue I successfully filed to get HN to add it so their referral data for non-SSL pages wouldn't be lost:

https://github.com/HackerNews/HN/issues/68

(Background: https://news.ycombinator.com/item?id=7197520)

IIRC, I think the developer was open to adding a referral, but not have it leak any on-site information, so this was a compromise.

[ddoran]

On OSX/safari, if I click on the link, it correctly says the referrer is YC News.

if I right click the link (which I often do) and open in new tab or window, I see:

No referer / hidden

In these cases it does not alleviate the issue flagged above.

[whatnotests]

iOs/ chrome shows the correct referrer in both cases.