TheOptimizationIdiot - 6:58 pm on Mar 11, 2013 (gmt 0)
My understanding of this was that it is actually implemented by browsers. Browsers don't send full referrer info when clicking from a http to an https site.
Exactly, except I think you meant from https to http.
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.