#StackBounty: #http #safari #mobile-safari #http-referer Safari mobile and desktop are hiding full referrer URL: why?

Bounty: 50

I have a website, www.a.com

In that website, I serve a page at https://www.a.com/mypage that contains this:

https://www.b.com/anotherpage

If I visit from every browser, b.com will receive this as http referrer:

https://www.a.com/mypage

However, if I visit from Safari mobile or desktop, the referrer becomes:

https://www.a.com/

Why? How can I force Safari to send the full referrer?

Example:

from Safari, b.com logs:

123.45.678.901 - - [06/Jun/2020:00:32:03 +0200] "GET /anotherpage/ HTTP/1.1" 200 0 "https://www.a.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1 Mobile/15E148 Safari/604.1"

from another browser:

123.45.678.901 - - [06/Jun/2020:00:31:34 +0200] "GET /anotherpage/ HTTP/1.1" 200 0 "https://www.a.com/mypage/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"

I’ve tried adding this:

<meta name="referrer" content="unsafe-url">

or this

<meta name="referrer" content="always">

to the <head> of https://www.a.com/mypage but to no avail.


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.