Can anybody suggest a good technique for controlling what gets sent in the HTTP_REFERER header when users click on links to pages outside your own site. We are setting up a secure server that may occasionally contain links to outside sites. Normally, the browser passes the complete URL of our current page in HTTP_REFERER when a user clicks on one of these links, but there may be information in the URL that we want to protect. I tried simply setting up a page on our site with a redirect to pass the links through, but the browser still passes the original URL. Any suggestions for a good way to handle this are welcome.