John Hile wrote:
You might try creating a frameset. Make a very small frame at the top of the window that permits the user to return to your site and take up the rest of the window with the other site.
Thanks for the suggestion, but it isn't the back button I'm concerned about. I'm concerned about not passing sensitive information encoded in the URI to an outside site via the HTTP_REFERER header that the browser creates. Our site normally uses SSL to protect the information, but if we include any links to outside pages and the user clicks one of those links, the browswer will include the complete URI of the referring page in the HTTP_REFERER header when it requests the outside page. MSIE doesn't create a problem because it doesn't include the HTTP_REFERER header when you click on a non-SSL link from within an SSL page, but the Netscape browser does.
HTTP_REFERER should change to the URL of the frameset document, John. Just make sure the frameset document is in a non-protected URL. I was helping you kill two birds with one stone. Shane