Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Can I track the referrer of a new window link?

Case:

  • site A contains a link that opens site B in new window.
  • The script in site B is trying to get the site A url.

My question: Is there any way to track the referrer of a new window which was opened using target="_blank" or Javascript window.open() function?

If yes then is there any way to completely hide the referrer?

like image 812
ptrinh Avatar asked Jul 12 '11 18:07

ptrinh


People also ask

How do I find the URL referrer?

To check the Referer in action go to Inspect Element -> Network check the request header for Referer like below. Referer header is highlighted. Supported Browsers: The browsers are compatible with HTTP header Referer are listed below: Google Chrome.

What is window referrer?

referrer gives you the URI of the page that linked to the current page. This is a value that's available for all pages, not just frames. window. parent gives you the parent frame, and its location is its URI. If you want to find the URI of the parent frame, then use window.

How reliable is HTTP referrer?

Using HTTP_REFERER isn't reliable, its value is dependent on the HTTP Referer header sent by the browser or client application to the server and therefore can't be trusted because it can be manipulated. Regarding the Referer header, section 15.1.

What is a URL referrer?

The address of the webpage where a person clicked a link that sent them to your page. The referrer is the webpage that sends visitors to your site using a link. In other words, it's the webpage that a person was on right before they landed on your page.


2 Answers

Referrer is in the HTTP header and so it will be available regardless of whether the window is blank or new. You can get the URL with:

console.log(document.referrer);

There are sites that use this to protect their sites from things like click-jacks, so it would be inappropriate to hide the referrer from the linked page. Browsers that allow for referrer spoofing are considered unsafe, and it tends to be patched when found.

Update

Maybe it's not as frowned upon as I thought. HTML5 has a property for <a> to not send the referrer in the HTTP headers: rel = "noreferrer".

like image 82
Anthony Avatar answered Oct 04 '22 12:10

Anthony


IE with window.open it loses the referer. Simply use jQuery or re-write it without using jQuery:

$("<form />").attr("action", "url").attr("target", "_blank").appendTo(document.body).submit();
like image 25
Dima Avatar answered Oct 04 '22 13:10

Dima