How do you spoof HTTP_REFERER?

Question

I need to try and spoof the HTTP_REFERER passed my another page so that in the destination page, I can determine of the request is coming in from the "right" page and perform appropriate logic.

1. How do I do that in JavaScript (AJAX)?
2. Can I do that in ASP.Net?

TIA rams

Answer 1

Generally speaking, you cannot cause other browsers to return a false HTTP_REFERER without an exploit, plug-in, or other extension. If you want to modify the value sent from your web browser and you are using FireFox, look at the Modify Headers extension.

In any case, you should never rely on HTTP_REFERER being accurate. There is no guarantee that the HTTP_REFERER you receive is not faked or simply not sent.

Answer 2

If you want to test at the destination page whether a request is coming from the "right" page, you don't need to spoof the referrer. All you need to do is issue the request from a different page. Set up a page at a different URL from what you consider the "right" one, and issue requests from there, either by clicking a link to the destination page or by putting an image sourced from the destination.