2

Google search documentation says (https://support.google.com/websearch/answer/173733?hl=en):

SSL doesn't always protect:

  • The fact that you visited google.com
  • The search terms that you typed

For example, when you visit another website from the Google search results page, that website may be able to identify what site you came from or the search terms that you used.

On the other hand, the answer to "How to get keywords from Google HTTP referrer?" is "You can't" (How to get the referer search query from google? and https://webmasters.stackexchange.com/questions/59794/how-to-get-keywords-from-google-http-referrer and many other places, after Google introduced SSL search).

So, I have a question, according to Google documentation, how a website may be able to identify the search terms that I used in Google Search, when I visit this website from SSL search results?

Community
  • 1
  • 1
camcam
  • 2,585
  • 8
  • 49
  • 65

1 Answers1

0

With a modern, updated browser, the query is always hidden.

However, older browsers (or modern browsers with some of the functionality disabled/turned-off/blocked) may get different experiences. That applies to both older IE and older Chrome (and everything else).

That said, unless you consider IE 5.5 (or Chrome 5!) a significant part of traffic, the query is pretty much always hidden to other websites.

Dean J
  • 39,360
  • 16
  • 67
  • 93
  • How would the query ever have been visible? – John Saunders Mar 16 '15 at 03:56
  • @JohnSaunders if you go from Google Search in HTTPS to a landing page that's HTTPS, you should get the entire http-referer field. It's only blanked in HTTPS->HTTP, not HTTPS->HTTPS. meta-referrer, a 302, or a javascript redirect mitigate the leak. If you had a sufficiently old browser where you'd manually disabled Javascript, that may break at least one of the mitigations; as with most other sites, things go awry with Javascript off. – Dean J Apr 10 '15 at 02:58