
What is the HTTP Referer if the link is clicked in an <iframe>?

Suppose I have a webpage located at http://www.website.com with an <iframe> in it. Like this:

<html>
  <head>...</head>
  <body>
    ...
    <iframe src="http://www.washington.edu"></iframe>
    ...
  </body>
</html>

Now suppose someone goes to www.website.com and clicks a link in the iframe itself (this link is located on www.washington.edu website).

My question is what is the HTTP Referer in this case?

Is it http://www.website.com (the page hosting iframe) or is it http://www.washington.edu (the page in which the link was clicked)?

asked Dec 11 '11 23:12

bodacydo


2 Answers

It depends on the browser.

Firefox and Safari will report the referrer as http://www.website.com while some versions of Internet Explorer will show http://www.washington.edu as the referrer.

UPDATE 2015-04: Testing the latest versions of the above-mentioned browsers, all of them would return http://www.washington.edu

answered Oct 05 '22 22:10

muskratt


Current browsers

As of August 2015 all the major browsers (Safari, Chrome, Firefox) should set the Referer HTTP header to http://www.washington.edu in this case.


But I encourage you to test how specific browser versions behave in specific cases if your application depends heavily on the Referer value.

I write this because, for example, I have found out that Safari 8 currently makes requests with an incorrect Referer for JavaScript loaded in iframes, probably if this JavaScript has previously been requested with a different Referer. This is a bug that's similar to this particular one that was closed in Chromium only in 2014. (I have already reported it to Apple, btw.)

Old browsers

Historically Internet Explorer 6 showed different behaviour than described above - it would set the Referer HTTP header to http://www.website.com.

answered Oct 05 '22 22:10

Greg Dubicki
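
The per-browser test recommended in the second answer can be run with a small local harness. This is an added example, not code from either answer: the route names /host, /framed and /target and port 8080 are assumptions, and all three pages share one origin so that the Referer carries a full path.

```javascript
// Harness for observing the Referer a browser sends when a link inside an
// iframe is clicked. Route names and port are assumptions for this example.
// All pages share one origin, so the Referer keeps its full path.
const PAGES = {
  '/host': '<h1>host page</h1><iframe src="/framed" width="400" height="200"></iframe>',
  '/framed': '<a href="/target">click me (inside the iframe)</a>',
};

// Map a Referer header value to the page it names.
function classifyReferer(referer) {
  if (!referer) return 'none';
  let path;
  try {
    path = new URL(referer).pathname;
  } catch {
    return 'other'; // not an absolute URL
  }
  if (path === '/host') return 'host-page';
  if (path === '/framed') return 'framed-page';
  return 'other';
}

// Pure handler: request path and headers in, response description out.
function handle(path, headers) {
  if (Object.hasOwn(PAGES, path)) return { status: 200, type: 'text/html', body: PAGES[path] };
  if (path === '/target') {
    const referer = headers.referer || '';
    // The header is client-controlled input, so echo it as plain text only.
    const body = `Referer: ${referer || '(none)'} -> ${classifyReferer(referer)}`;
    return { status: 200, type: 'text/plain', body };
  }
  return { status: 404, type: 'text/plain', body: 'not found' };
}

// Start the server only when invoked as: node <file> serve
async function serve(port) {
  const http = await import('node:http');
  http.createServer((req, res) => {
    const path = req.url.split('?')[0];
    const { status, type, body } = handle(path, req.headers);
    res.writeHead(status, { 'Content-Type': type });
    res.end(body);
  }).listen(port, '127.0.0.1');
}
if (process.argv[2] === 'serve') serve(8080);
```

Start it with the `serve` argument, open http://127.0.0.1:8080/host in the browser under test and click the link inside the frame; the response names the page the Referer pointed to.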