I have the impression that browsers running on windows xp sp2 no longer send
the header that is used by IIS for the http_referer variable. I was looking
into the list of security changes for sp2 and can't find anything related to
this.
Is this an intended security measure or a side-effect? In any case is there
anything that can be done on the client side (change something in advanced
settings or security) so that the browser can send this again (preferrably
to specified websites only)

Koen.