Just saw this argument break out on this Verge post about SSL and Google stripping out referrer data from their searches. With SSL, Google should not be able to choose when and when they strip out referrer data, but they somehow are doing it.
The missing piece is that Google does a redirect when you click on a link in their search results page, and in that non secure link, they have the option to add referrer data.
Let’s take the example of search term “red pick up trucks”. We know Google passes referrer data on an paid links. Here is the paid link redirect before taking you to GMC.com:
There in bold you can see they added the referrer data to the redirect link and will pass the search term to the landing page site.
Now consider this editorial link I clicked on just below:
No referrer data in the redirect on editorial links.
This was the cause of the misunderstanding between Danny and Asa. Asa knew how SSL technically worked but probably didn’t know about the redirect. Danny knew Google was passing the referrer on paid clicks but not editorial clicks but he didn’t know how Google was doing this technically.
Here’s a bit about Google Encrypted Search. It uses the same redirect process as well. However, the redirect link is https, which mean unless it’s going to another https site, it will strip out the referrer data:
Paid click redirect:
Editorial click redirect: