最近遇到了这个问题,即想通过 referrer 追踪某网页的来源,结果发现有些来源无法实现,因为设置 referrer 时并不能抓取到,找了好半天原因,终于发现了:从 https 跳转到 http 时,https 中的 referrer 信息并不能传递给 http 页面,也就是说浏览器不发送 referer 信息。
http 协议是这样规定的:
Because the source of a link might be private information or might reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information.
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
Authors of services which use the HTTP protocol SHOULD NOT use GET based forms for the submission of sensitive data, because this will cause this data to be encoded in the Request-URI. Many existing servers, proxies, and user agents will log the request URI in some place where it might be visible to third parties. Servers can use POST-based form submission instead
原来是由于安全原因,防止 https 页面信息以明文暴露。
如果我们非要将 https 页面的 referrer 信息传递到 http 页面,可以在 https 页面增加 meta 标签:
本文禁止住转载。任何形式转载请联系作者(时光在路上 www.timezls.com)。时光在路上保留所有权利
<meta content="always" name="referrer" />
当然,还有一个办法,从http页面考虑,可以升级,从http升级到https协议。