One of the more astonishing facets of the web platform is the Referer header. Whenever you click a link from one web site to another, the request that fetches the web page from the second web site contains the URL of the first web site. This behavior causes both security and privacy problems: Security. Despite copious warnings, developers often include secrets in URLs. For example, to prevent