How are encoded semicolons ending up in my querystring?

[jovial]

I am setting the src of an iframe in my codebehind like this:\[code\]iframe.Attributes.Add("src", string.Format("/page.aspx?a={0}&b={1}", aVal, bVal);\[/code\]I realized that on rare occasion the following is true on page.aspx:\[code\]Request.QueryString["b"] == null\[/code\]I started logging some of the request data and out of the few thousand time this page gets accessed each day the data will typically look like this:\[code\]Request.Url: http://www.mydomain.com/page.aspx?a=1&b=2Request.Referrer: http://www.mydomain.com/referrer/Request.Querystring: a=1&b=2\[/code\]About a half dozen times per day, the data will look like this:\[code\]Request.Url: http://www.mydomain.com/page.aspx?a=1&b=2Request.Referrer: http://www.mydomain.com/referrer/Request.QueryString: a=1&%3bb=2\[/code\]You will notice everything is exactly the same except a URL encoded semicolon, %3b, appears in the query string. The referrer URL tells me that page.aspx is being accessed correctly and not being manually entered into the browser by a user. This page is also in a secure members only area and I confirmed that this is happening to random users for random content. I cannot reproduce this - if I go to the Request.Url value, %3b never appears in the query string, and if I go to the Request.Referrer value to access the content the same way a customer would, %3b never appears in the query string. The Request.Referrer value is the only page that loads page.aspx.Any ideas how the %3b could possibly be getting into the query string?