问题
This is mainly for privacy concerns. If I open up an email on Gmail (or any other email provider) containing a link to a website and I end up clicking on the link, does Gmail send out a referer header? (ie. Will the destination website know that I came from Gmail? And would they know the email address that I was using when I clicked on the link?)
Lastly, if they do, is there any way to disable it?
回答1:
No, if you use gmail's web interface referrer header won't be set, but destination may still guess that you came from gmail.
Here's what happens when you click http://example.com/something link in gmail:
actual destination is changed to GET https://www.google.com/url?hl=en-GB&q=http://example.com/something&source=gmail&ust=TIMESTAMP&usg=HASH.
In reply to this HTTP GET google.com replies 302 Moved with Location header to redirect to actual link: Location: http://example.com/something. When processing this reply chrome will request something like this:
GET /something HTTP/1.1
Host: example.com
... regular headers ...
X-Client-Data: %HASH%
If you make that request by typing the URL in address bar the request will be identical except there won't be that X-Client-Data header. It seems that this X-Client-Data header is set by Chrome while accessing Google servers and it seems that no such header is set when using non-chrome browsers. If you open your browser in incognito/private mode and click that link in gmail then X-Client-Data header isn't set and on server side it looks as if you typed the URL in your address bar directly.
来源:https://stackoverflow.com/questions/37082676/does-clicking-a-link-in-gmail-send-a-referer-header