The HTTP RFC states, in section 15.1.3 Encoding Sensitive Information in URI’s :
Clients SHOULD NOT include a Referer
header field in a (non-secure) HTTP
request if the referring page was
transferred with a secure protocol.
So, this is expected / standard behaviour.