As discussed earlier in the Privacy section, the HTTP Referer header contains information about a user's browsing history. Usually the value contained in this header is the URL location of a previously visited web page. Some web sites and web applications include additional data in the URL instead of storing this data in a cookie. An example of such a URL would be "http://host.com/doit?id=1234". In this example everything after the '?' is passed as additional data to the "doit" program. Security issues arise when URL data contains confidential information such as a password, social security number, or credit card number. This data can be sent via the Referer header to a web site where the data was not originally intended and not authorized by the user. Since HTTP is not considered to be a secure protocol, a generally practiced rule is to not include confidential information in URLs or HTTP headers. Web sites that deal with confidential data use secure HTTP for their transactions. These secure transactions can safely include confidential data such as credit card numbers in URLs and HTTP headers since all communication is encrypted. However, there have been cases where a secure URL is incorrectly sent by the web browser via the Referer header to a non-secure web site. This can be a security problem when the secure URL contains confidential data.