Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar
SOLVED

Re: Need to Track the reference URL ?

Go to solution
Ravi_Ansal2
Level 6
Level 6
‎05-21-2015 10:06 PM
‎05-21-2015 10:06 PM

Re: Need to Track the reference URL ?

Thanks Sanford,

I will look into this option

0 Likes
1,820
Reply
Elliott_Lowe1
Level 9 - Champion Alumni
Level 9 - Champion Alumni
‎05-22-2015 03:44 AM
‎05-22-2015 03:44 AM

Re: Need to Track the reference URL ?

Sanford Whiteman​ thanks for researching and documenting these behaviors.  I'd like to explore this more with you in a separate thread and recommendations as it relates to source attribution.  I am following you in the Community and if you reciprocate, we can message each other directly.

0 Likes
1,820
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎05-22-2015 11:59 AM
‎05-22-2015 11:59 AM

Re: Need to Track the reference URL ?

I followed you so feel free to send me a DM!

0 Likes
1,820
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎05-21-2015 09:49 PM
‎05-21-2015 09:49 PM

Re: Need to Track the reference URL ?

Hey Elliott/Ravi, I just did a couple of quick tests to confirm HTTPS to HTTP differences across browsers and search engines.  As I remembered, the Referrer is not reliably delivered, which causes confusion.

I tested Bing (https://www.bing.com), Yahoo (https://search.yahoo.com), and Google (https://www.google.com) in Chrome 43, Firefox 34, and IE 8 on Windows (not meant to be an exhaustive test but the diffs are already apparent).

Bing

  • no Referrer in Chrome, FF, or IE
  • Bing sends user directly to the destination page, performing "ping" functions asynchronously

Yahoo

  • Referrer available in Chrome, FF, IE
  • Referrer is same format in all browsers
  • Referrer shown is a seemingly "full" URL from http://r.search.yahoo.com/_ylt=...;_ylu=... but does not reveal search terms, only opaque search information plus the destination URL
  • Yahoo bounces user off interstitial "ping" page r.search.yahoo.com, and this page is plain http://.  A JS redirect is used. Thus the http:// URL can be sent as a referrer, but the URL was already crafted to strip user-entered info

Chrome

  • Referrer available in Chrome, FF, IE
  • Referrer is different in Chrome vs. FF/IE
  • In Chrome, only https://www.google.com is shown (path/query/hash is truncated)
  • In FF/IE the "full" URL from http://www.google.com/url?... is shown.  But as with Yahoo this URL is sanitized, not revealing user-entered information
  • Chrome bounces user off interstitial "ping" page www.google.com, plain http://, using JS redirect.  Chrome and FF/IE treat the redirect mechanism with different rules.  Chrome only forwards the top-level domain from the original page, while FF/IE forward the full URL from the interstitial page.

We should remember -- and Ravi, I'll get to your most recent question in a moment, as I just saw that post come in -- that "secure search" has a a few closely connected but different purposes.  One is to allow people to not have their search terms snooped by somebody listening on the wire (a fourth party unaffiliated with the search engine, the user, nor any destination site) just as https:// protects sensitive e-commerce traffic.  Another purpose is to allow the user to respect the "intention" of privacy that they get from browsing securely by not forwarding the wire-secured traffic to a site that isn't also secure.  And another purpose is to continue that privacy all the way to the destination site, even if that is site is secure on the wire, by not letting them know what else you might have entered in the search box.

1,820
Reply
Home