Hacker News new | ask | show | jobs
by vince14 1888 days ago
You left out the part which contradicts your claim.

> Don't send the Referer header to less secure destinations (HTTPS→HTTP).

The referer header is still sent from HTTPS to HTTPS.
1 comments
londons_explore 1888 days ago
Yes, but only with the domain not the full path. Does anyone really care that the domain is leaked? There are very few secret domains...
link