This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes HTML, CSS and JavaScript and the fly likes How to Use REFERER HTTP header Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "How to Use REFERER HTTP header" Watch "How to Use REFERER HTTP header" New topic
Author

How to Use REFERER HTTP header

Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
I know this header could allow the server to tell which site redirect the browser to it. But, under what circumstance would the browser insert such a header into the request?
Christophe Verré
Sheriff

Joined: Nov 24, 2005
Posts: 14687
    
  16

Avoid using this header, it is not 100% reliable.


[My Blog]
All roads lead to JavaRanch
Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
So what would be the alternative - to know who direct the browser to this server?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60752
    
  65

There is no 100% reliable mechanism.


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
dema rogatkin
Ranch Hand

Joined: Oct 09, 2002
Posts: 294
Any 99%? I've noticed a strange thing, if I use anchor for jumping to a page, a referer set correctly by IE and FF, however if I jump to another page using JS, IE returns no referer. However FF still returns it fine. There is some not quite friendly technique adding explicity a referer in any URL reachable from the page. Sort of URL rewriting technology.


Tough in space?, <a href="http://tjws.sf.net" target="_blank" rel="nofollow">Get J2EE servlet container under 150Kbytes here</a><br />Love your iPod and want it anywhere?<a href="http://mediachest.sf.net" target="_blank" rel="nofollow">Check it here.</a><br /><a href="http://7bee.j2ee.us/book/Generics%20in%20JDK%201.5.html" target="_blank" rel="nofollow">Curious about generic in Java?</a><br /><a href="http://7bee.j2ee.us/bee/index-bee.html" target="_blank" rel="nofollow">Hate ant? Use bee.</a><br /><a href="http://7bee.j2ee.us/addressbook/" target="_blank" rel="nofollow">Need contacts anywhere?</a><br /><a href="http://searchdir.sourceforge.net/" target="_blank" rel="nofollow">How to promote your business with a search engine</a>
Yuriy Fuksenko
Ranch Hand

Joined: Feb 02, 2001
Posts: 413
Have you ever used netcat? Or plug-in for Firefox that allows you to put any headers into request?
The fun place to play with it is http://www.hackthissite.org, register there and go through realistic missions You will have lots of fun.

You can not really trust any HTTP header. I mean, you can use it for refference, let say to display "this is where you came from" (and say something like "I don't know where the hell you came from" if its not set), or something like that. But don't use it for security measures, or for anything important.
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 41052
    
  43
For Firefox the LiveHTTPHeaders extension can show you everything that gets sent from your browser, including the headers. It's an indispensable tool to debug HTTP problems.

TamperData is a bit harder to use, but in addition to viewing it lets you change the request as well.
[ February 10, 2006: Message edited by: Ulf Dittmer ]

Ping & DNS - my free Android networking tools app
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: How to Use REFERER HTTP header
 
Similar Threads
WA #1.....word association
Disabling forward button in browser
How to i get IP address of the Remote system
Browser specific
Servlet headers