I think there are many possibilities, like:
- The behavior of the browser.
- The behavior of source site or system where the request originated.
- There are systems like proxy that remove the referer informtion.
"If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referrer field is not sent.
The HTML5 standard added support for the attribute/value rel="noreferrer", which instructs the user agent to not send a referrer" <from wikipedia.org>
Well, thank you, but I'm really asking from different perspective.
I'm really asking about who to blame responsibility from a support perspective.
In the case of Flash, I don't know if it makes requests independent of the browser or not. I suppose I might hack the truth out of this. But, due to certain biases, I may not want to find out. That is, I to believe that the browser of choice can enforce setting the referer on the user's behalf. But, given that Flash is know for having vulns, I don't think I'm going to get my way on this.
I feel strongly that the only time the referer should be missing is for the requests that the user makes directly, and I feel that there are security implications to this (wouldn't I).
So, somebody broke it; somebody should fix it--whoever that somebody is.
Anyway, thanks again for the response.