Have you ever come across a situation when you need to pass data from HTTPS to HTTP controlled web pages? If you have, you would have come to know that the header values especially REFERER values become empty. Reason for this being that it is not secure to transfer data from a security controlled HTTPS layer to a non-secure site serving HTTP content.
This is one of the key points to remember if you are involved in integrating applications
Solution(s) to the above scenario
i) Transfer data between HTTPs layers instead
ii) pass GET data as query string values
iii) Programatically handle the session across the two sites behind the scenes either by storing a cookie or through database controllers
Some of the tools that comes handy in checking the Header Values are FireBug, Live HTTP Headers, HTTP Watch plugin