HTTP/Browser General
From Rory.wiki
General Notes
Referer headers and HTTPS
Usually the referer header is passed in each request and a web application can leak data from Query parameters set in a URL when a link is clicked. However it's important to note that for the case of a link from an HTTPS site to an HTTP site the browser should not include the referer header (per this and this). However apparently it's not specified in the RFC whether links from one HTTPS site to another should pass the referer so this may vary from browser to browser.
