Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

HTTP Referer not always being passed

Tags:

php

referer

I have an application which records users visits. None of these visits are directly accessed, 100% of these visits are referred from another site.

I am passing $_SERVER['HTTP_REFERER'] through to the database. Approximately 35% of the logged entrees pass a referer, the rest are blank.

Is there a reason for this?

like image 971
reefine Avatar asked Apr 13 '11 02:04

reefine

People also ask

Is the referer header always sent?

Some web browsers give their users the option to turn off referrer fields in the request header. Most web browsers do not send the referrer field when they are instructed to redirect using the "Refresh" field. This does not include some versions of Opera and many mobile web browsers.

Is HTTP referer reliable?

Using HTTP_REFERER isn't reliable, its value is dependent on the HTTP Referer header sent by the browser or client application to the server and therefore can't be trusted because it can be manipulated. Regarding the Referer header, section 15.1.

Why is referer empty?

There might be several reasons why the referer URL would be blank. It will/may be empty when the enduser: entered the site URL in browser address bar itself. visited the site by a browser-maintained bookmark.

Can http referer be spoofed?

In HTTP networking, typically on the World Wide Web, referer spoofing (based on a canonised misspelling of "referrer") sends incorrect referer information in an HTTP request in order to prevent a website from obtaining accurate data on the identity of the web page previously visited by the user.

1 Answers

There are a couple of number of reasons why HTTP_REFERER might be blank.

  1. You have to understand it's an environment variable given by the browser. Meaning users can remove it or even change it, if they so intend to.
  2. Users accessing the link from a bookmark, history or by typing the link manually do not have a referer.
  3. IE has also been known to remove the referer in situations revolving around javascript. Such as window.open, window.location and even setting target="_blank" in anchors or meta refresh.
  4. Clicking an embedded link in a chat application, PDF/Word/Excel document, will also not set a referer.
  5. Using AJAX, file_get_contents, fopen and other similar functions in other languages will probably not set a referer request.
  6. cURL, fsockopen, applications that have browser-like components might not set a referer.

There are probably more situations when this could happen, I'll update if I can think of anything that seems reasonable.

like image 78
Khez Avatar answered Oct 16 '22 09:10

Khez
Sign in to Comment

Related questions

Amazon S3 - How to Check if Presigned URL is Expired?
Laravel and Carbon - DiffInDays If Statement
phpMyadmin error "continue" targeting switch is equivalent to "break"
Implications of Instantiating Objects with Dynamic Variables in PHP
PHP function imagettftext() and unicode
Best practice in CakePHP for saving data, using models in component
How can I change the name of an element in DOM?
Is there any good php5 OOP tutorial site? [closed]
Count number of MySQL queries executed on page
How to setup or construct a PHP Unit test
Is there a way to get long/lat for a given address in Google Maps with only PHP?
Why is my time() off by one hour in php?
Do I need a trailing semicolon here?
SimpleXML how to prepend a child in a node?
How to recover from a fatal error "Allowed memory size exhausted"
recursive function to get all the child categories
merge two arrays, while maintaining the numeric keys
How can I write data into an excel using PHP?
PHP get dimensions of SWF file
How to make a textbox of multiple line type in html?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!