<br>
<div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Web browsers don't leak https URLs in the Referer header.</blockquote><div><br>
<br>
</div><br><div><br>
Not in my experience. For example, using both IE 6 and Mozilla 1.7.10, consider the following log snapshot:<br>
<br>
<a href="http://9.49.221.110">9.49.221.110</a> - - [27/Sep/2005:15:24:27 +0000] "GET /images/unknown2.gif
HTTP/1.1" 200 1006 "<a href="https://bayardo.userv.ibm.com/stuff/">https://bayardo.userv.ibm.com/stuff/</a>" "Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716"<br>
<a href="http://9.49.221.110">9.49.221.110</a> - - [27/Sep/2005:15:24:27 +0000] "GET
/images/source_java.gif HTTP/1.1" 200 1031
"<a href="https://bayardo.userv.ibm.com/stuff/">https://bayardo.userv.ibm.com/stuff/</a>" "Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716"<br>
....<br>
<a href="http://9.49.221.110">9.49.221.110</a> - - [27/Sep/2005:15:27:35 +0000] "GET /images/txt.gif
HTTP/1.1" 200 1030 "<a href="https://bayardo.userv.ibm.com/stuff/">https://bayardo.userv.ibm.com/stuff/</a>" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)"<br>
<a href="http://9.49.221.110">9.49.221.110</a> - - [27/Sep/2005:15:27:36 +0000] "GET /images/unknown2.gif
HTTP/1.1" 200 1006 "<a href="https://bayardo.userv.ibm.com/stuff/">https://bayardo.userv.ibm.com/stuff/</a>" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; SV1)"<br>
<br>
This is from the log of a webserver with domain
"<a href="http://w3.userv.ibm.com">w3.userv.ibm.com</a>" (an internal domain so it won't work for you
:-) which hosts images referenced by pages on the server
<a href="http://bayardo.userv.ibm.com">bayardo.userv.ibm.com</a>. Both servers are accessed using HTTPS,
and both servers use different SSL certs issued by different CAs. They
share the same top-level domain, but I don't know if that's significant
(if it is, it shouldn't be!).<br>
<br>
</div></div><br>
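The check behind the log excerpt above, as an added example that is not part of the original message: it parses combined-format access log entries and lists requests whose Referer is an https URL on a host other than the one that wrote the log. The host names, addresses, request paths and function names are constructed for illustration; only the two User-Agent strings are taken from the excerpt.

```python
import re
from urllib.parse import urlsplit

# Apache/NCSA "combined" log format, the layout of the lines quoted above.
COMBINED = re.compile(
    r'(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def cross_host_https_referers(lines, served_host):
    """Return (path, referer, agent) for each request whose Referer is an
    https URL on a host other than served_host (the host that wrote the log)."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if m is None:
            continue  # skip anything that is not a combined-format entry
        ref = urlsplit(m["referer"])
        if ref.scheme == "https" and ref.hostname not in (None, served_host.lower()):
            hits.append((m["path"], m["referer"], m["agent"]))
    return hits

def referers_by_agent(lines, served_host):
    """Group the distinct cross-host https Referer values by User-Agent."""
    grouped = {}
    for _path, referer, agent in cross_host_https_referers(lines, served_host):
        grouped.setdefault(agent, set()).add(referer)
    return grouped

# Constructed sample entries; hosts and addresses are placeholders.
GECKO = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716"
MSIE = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
PAGE = "https://pages.example.test/stuff/"
SAMPLE_LOG = [
    f'192.0.2.10 - - [27/Sep/2005:15:24:27 +0000] "GET /images/a.gif HTTP/1.1" 200 1006 "{PAGE}" "{GECKO}"',
    f'192.0.2.10 - - [27/Sep/2005:15:27:35 +0000] "GET /images/b.gif HTTP/1.1" 200 1030 "{PAGE}" "{MSIE}"',
    f'192.0.2.10 - - [27/Sep/2005:15:28:01 +0000] "GET /images/c.gif HTTP/1.1" 200 1030 "https://images.example.test/index.html" "{MSIE}"',
    f'192.0.2.10 - - [27/Sep/2005:15:28:02 +0000] "GET /images/d.gif HTTP/1.1" 200 1030 "-" "{GECKO}"',
    "....",
]

if __name__ == "__main__":
    for agent, refs in referers_by_agent(SAMPLE_LOG, "images.example.test").items():
        print(agent, "->", sorted(refs))
```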