If you want referrer data, offer your site over SSL...Browsers don't send a referrer header if the referring site is SSL and the target site is not.
I haven't tested any browsers or looked at any standards on this, but if that works it doesn't make any sense to me. I would think that the rule would be "Browsers don't send a referrer header [to a different domain] if the referring site is SSL" period (no "and the target site is not" part). If a URL on site X contains secret information, why would it be OK to transmit that secret information to some other website simply because the secret information is encrypted while in transit? At the very least, I would expect the user to be prompted to confirm such action before doing it (which would probably be more annoying to the user than just dropping the referrer info).
I haven't tested any browsers or looked at any standards on this, but if that works it doesn't make any sense to me. I would think that the rule would be "Browsers don't send a referrer header [to a different domain] if the referring site is SSL" period (no "and the target site is not" part). If a URL on site X contains secret information, why would it be OK to transmit that secret information to some other website simply because the secret information is encrypted while in transit? At the very least, I would expect the user to be prompted to confirm such action before doing it (which would probably be more annoying to the user than just dropping the referrer info).