in reply to Another way to find http referrer

Even if you can trust the referer, it's only going to tell you that the previous request used https, not the current one.

Isn't it easier to configure the HTTP server to only accept https connections?

REMOTE_ADDR can be faked, but that is harder to do. But that doesn't give you any information about whether the request was using https or not.

As general advice, don't roll your own security. Leave it to the experts, and do it at the right layer.

Re^2: Another way to find http referrer
by Anonymous Monk on Feb 28, 2012 at 11:05 UTC

    Just to add: browsers generally don't send a referrer if they are coming from a secure site (https) to an insecure one (http).

Re^2: Another way to find http referrer
by Anonymous Monk on Feb 27, 2012 at 22:57 UTC
    JavaFan, these scripts are on a shared server and I have other scripts which must be http. Can I do something with .htaccess or something to only act on my 3 scripts? Thank you.

      A simple solution: configure your web server to serve files for your https:// URLs from a different point in your filesystem than your http:// files. For instance, your http files might be under /var/www/data and your https files under /var/www/data-ssl. Then neither set of files can be accessed through the other port.

      Edit: On a second look, I noticed you said you're on a shared server, so maybe you can't change the web server config. In that case, the $ENV{HTTPS} or $ENV{SERVER_PORT} variables may be of use to you, at least on some servers.

      Aaron B.
      My Woefully Neglected Blog, where I occasionally mention Perl.
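
As an added example (not part of the thread and not written by any of its posters), here is one way a CGI script could apply the $ENV{HTTPS} / $ENV{SERVER_PORT} check suggested above. It assumes the server exports these variables to CGI scripts and serves TLS on port 443; the sub names request_is_https and require_https are hypothetical.

```perl
#!/usr/bin/perl
# Added example, not from the thread: refuse a CGI request that did not use https.
use strict;
use warnings;

# Assumptions: the web server exports HTTPS and/or SERVER_PORT to CGI scripts
# and serves TLS on port 443. Behind a TLS-terminating proxy these variables
# describe the proxy-to-server hop, not the browser's connection.
my $TLS_PORT = 443;

# Hypothetical helper: true if the CGI environment says the request used TLS.
sub request_is_https {
    my ($env) = @_;
    my $https = $env->{HTTPS};
    # When the server sets HTTPS at all, believe it ('on', any case).
    return lc($https) eq 'on' ? 1 : 0 if defined $https && length $https;
    # Otherwise fall back on the port the request arrived on.
    my $port = $env->{SERVER_PORT};
    return defined $port && $port =~ /\A\d+\z/ && $port == $TLS_PORT ? 1 : 0;
}

# Hypothetical guard: answer plain-http requests with a 403 and return false.
sub require_https {
    my ($env) = @_;
    return 1 if request_is_https($env);
    print "Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\n",
          "This script is only available over https.\n";
    return 0;
}

if ($ENV{GATEWAY_INTERFACE}) {
    # Running under the web server: guard first, then do the real work.
    exit 0 unless require_https(\%ENV);
    print "Content-Type: text/plain\r\n\r\nhello over https\n";
}
else {
    # Run from a shell: exercise the check on constructed sample environments.
    my @samples = (
        { HTTPS => 'on',  SERVER_PORT => 443 },
        { HTTPS => 'off', SERVER_PORT => 443 },
        { SERVER_PORT => 443 },
        { SERVER_PORT => 80 },
    );
    for my $env (@samples) {
        my $desc = join ' ', map { "$_=$env->{$_}" } sort keys %$env;
        printf "%-28s -> %s\n", $desc, request_is_https($env) ? 'https' : 'http';
    }
}
```

Run from a shell, the script prints the verdict for each constructed environment; only the first and third are treated as https.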

        Thank you very much Aaron. Did not know about that. I searched and found all the information which said things about a 'corresponding PassEnv directive', but I tested it with my script now and it works. $ENV{'HTTPS'} is 'on' when I go https. Thank you again.
      Can I do something with .htaccess or something to only act on my 3 scripts?
      I don't know. Probably. But you'd have to be at the Apachemonks for that.
        I don't know

        JavaFan, I have now been looking at your 4054 write-ups. I think you do know.