Is HTTP header Referer sent when going to a http page from a https page?

Question

After a few tests, I\'m starting to reach the conclusion that a browser does not send a Referer HTTP header when one clicks to a http page from a https one.

What sec

Answer 1

Reason: Sometimes SessionIDs are URL encoded. HTTP Pages can have cross site scripting which steals the session from the HTTPS communication. To prevent this, the referrer is not transmitted on the HTTPS to HTTP transition so that the URL encoded sessin ID can't be stolen.