File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes HTML, CSS and JavaScript and the fly likes How to Use REFERER HTTP header Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » HTML, CSS and JavaScript
Bookmark "How to Use REFERER HTTP header" Watch "How to Use REFERER HTTP header" New topic

How to Use REFERER HTTP header

Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
I know this header could allow the server to tell which site redirect the browser to it. But, under what circumstance would the browser insert such a header into the request?
Christophe Verré

Joined: Nov 24, 2005
Posts: 14688

Avoid using this header, it is not 100% reliable.

[My Blog]
All roads lead to JavaRanch
Alec Lee
Ranch Hand

Joined: Jan 28, 2004
Posts: 569
So what would be the alternative - to know who direct the browser to this server?
Bear Bibeault
Author and ninkuma

Joined: Jan 10, 2002
Posts: 63844

There is no 100% reliable mechanism.

[Asking smart questions] [About Bear] [Books by Bear]
dema rogatkin
Ranch Hand

Joined: Oct 09, 2002
Posts: 294
Any 99%? I've noticed a strange thing, if I use anchor for jumping to a page, a referer set correctly by IE and FF, however if I jump to another page using JS, IE returns no referer. However FF still returns it fine. There is some not quite friendly technique adding explicity a referer in any URL reachable from the page. Sort of URL rewriting technology.

Tough in space?, <a href="" target="_blank" rel="nofollow">Get J2EE servlet container under 150Kbytes here</a><br />Love your iPod and want it anywhere?<a href="" target="_blank" rel="nofollow">Check it here.</a><br /><a href="" target="_blank" rel="nofollow">Curious about generic in Java?</a><br /><a href="" target="_blank" rel="nofollow">Hate ant? Use bee.</a><br /><a href="" target="_blank" rel="nofollow">Need contacts anywhere?</a><br /><a href="" target="_blank" rel="nofollow">How to promote your business with a search engine</a>
Yuriy Fuksenko
Ranch Hand

Joined: Feb 02, 2001
Posts: 413
Have you ever used netcat? Or plug-in for Firefox that allows you to put any headers into request?
The fun place to play with it is, register there and go through realistic missions You will have lots of fun.

You can not really trust any HTTP header. I mean, you can use it for refference, let say to display "this is where you came from" (and say something like "I don't know where the hell you came from" if its not set), or something like that. But don't use it for security measures, or for anything important.
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
For Firefox the LiveHTTPHeaders extension can show you everything that gets sent from your browser, including the headers. It's an indispensable tool to debug HTTP problems.

TamperData is a bit harder to use, but in addition to viewing it lets you change the request as well.
[ February 10, 2006: Message edited by: Ulf Dittmer ]
I agree. Here's the link:
subject: How to Use REFERER HTTP header
It's not a secret anymore!