dstiles - 10:39 pm on Apr 16, 2009 (gmt 0)

If the target is a server (eg google's redirect server) then it's possible to alter header fields as the request travels through it. It's just another form of proxy.

So-called "privacy services" are constantly removing or modifying headers before passing on the information to the server and ditto on the way back to the browser.

I submit a request to my proxy saying I want a certain page from my web site; the proxy server modifies the headers to what IT wants; the proxy sends the modified request to the target server/web site; the target web site behaves according to what the proxy tells it, not what the browser requested, and returns the content - or not; the logs reflect accordingly.

Works here, anyway. :)

Obviously in google's case most, if not all, of the original referer (or whatever) string gets passed on to the web site, but it doesn't have to be. And again obviously, this only works if the original request goes through an intermediate server of some kind, be it proxy, firewall, privacy service or whatever.