Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to Use REFERER HTTP header

 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I know this header could allow the server to tell which site redirect the browser to it. But, under what circumstance would the browser insert such a header into the request?
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Avoid using this header, it is not 100% reliable.
 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So what would be the alternative - to know who direct the browser to this server?
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64967
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There is no 100% reliable mechanism.
 
dema rogatkin
Ranch Hand
Posts: 294
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Any 99%? I've noticed a strange thing, if I use anchor for jumping to a page, a referer set correctly by IE and FF, however if I jump to another page using JS, IE returns no referer. However FF still returns it fine. There is some not quite friendly technique adding explicity a referer in any URL reachable from the page. Sort of URL rewriting technology.
 
Yuriy Fuksenko
Ranch Hand
Posts: 413
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Have you ever used netcat? Or plug-in for Firefox that allows you to put any headers into request?
The fun place to play with it is http://www.hackthissite.org, register there and go through realistic missions You will have lots of fun.

You can not really trust any HTTP header. I mean, you can use it for refference, let say to display "this is where you came from" (and say something like "I don't know where the hell you came from" if its not set), or something like that. But don't use it for security measures, or for anything important.
 
Ulf Dittmer
Rancher
Posts: 42968
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For Firefox the LiveHTTPHeaders extension can show you everything that gets sent from your browser, including the headers. It's an indispensable tool to debug HTTP problems.

TamperData is a bit harder to use, but in addition to viewing it lets you change the request as well.
[ February 10, 2006: Message edited by: Ulf Dittmer ]
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic