With the three major search engines migrating their default searches to secure search, over SSL/HTTPS, marketers and webmasters want to know what referrer and analytics data will be passed to them and what won’t.
The majority of Google is secure search, Yahoo yesterday defaulted all searches to be conducted over SSL, and Bing is currently testing SSL search for those who opt in.
Testing Referrer Data From HTTPS Search To HTTP URL
The default protocol for passing referrer from an HTTPS URL to a non HTTPS URL is to not pass any referrer data at all. Both Yahoo and Bing comply with that, while Google passed google.com as the referrer in this case. How do I know? I tested it by searching Google, Yahoo and Bing for [what is my referrer] and then clicked on the www.whatismyreferer.com listing.
You see the listing in the search engine:
Then if you click on it, the destination page will show your referrer data:
Bing and Yahoo pass no referrer data at all in this case, as it should – due to the HTTPS protocol.
Testing Referrer Data From HTTPS Search To HTTPS URL
The default protocol is for HTTPS URLs to pass referrer data to another HTTPS, because it is being passed from a secure channel to another secure channel. Google doesn’t pass all the referrer data, they pass as much as they do from HTTPS to HTTP, as I cited in the example above. Bing and Yahoo do pass all the referrer data, as they should due to the HTTPS protocol. It passes both the referrer site and the query data.
But there is no way to search for an HTTPS version of a “what is my referrer” site. So I made one. Now you need to search for [what is my secure referrer] and https://referer.rustybrick.com/ should show up. As you see, the tool is on an HTTPS page, so referrer data can securely pass from a secure Google, Bing or Yahoo URL but do they? As I write this, Google shows it on the first page, towards the middle of the results. Bing and Yahoo have yet to index it but it will soon.
If you click on that from Google, it shows you that Google is only passing that the click came from Google but strips out any keyword data:
If you click on the search result from the secure Bing search results, you will see the full referrer details, including the referrer source, the query and more:
Why isn’t Google complying? I am not sure. They are encouraging webmasters to migrate their sites to run on SSL in their literature. But I know tons of webmasters that would make the switch overnight if Google would pass query data to them if they went over SSL.
Anyway, I hope the What Is My Secure Referrer? tool helps novice webmasters clearly see this information.