Welcome to WebmasterWorld Guest from 54.145.173.36

Forum Moderators: incrediBILL

Message Too Old, No Replies

HTTP_REFERER problem with browsers

   
11:24 pm on Oct 31, 2002 (gmt 0)

10+ Year Member



Can a surfer intentional prevent his browser from sending the HTTP_REFERER of the site he had found your site from? How would he do this and why?
11:37 pm on Oct 31, 2002 (gmt 0)

10+ Year Member



Yes. Opera makes it easy to do and I think it can also be done with Mozilla.
11:42 pm on Oct 31, 2002 (gmt 0)

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



In Opera go F12->and uncheck "enable referrer logging".

Referral strings are a gapping privacy and security hole in IE and Mozilla.

12:12 am on Nov 1, 2002 (gmt 0)

10+ Year Member



Is this a default setting?

"Referral strings are a gapping privacy and security hole in IE and Mozilla."

What wrong with knowing which site refered your visitor if that's the only information in referer logs (or is there more info that can be extracted in the logs?)?

7:13 pm on Nov 1, 2002 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Quite a few security exploits have been discovered that use the referrer string of various browsers. These get nastier when they are combined with some holes in various versions of server software and/or some javascript exploits.

We're not here to teach how to do hacks, but you can get more information by doing a web search on 'referrer' plus other relevant phrases.

Here's a very basic concern: Suppose a website is rather lazy and they add personal information at the end of the URL as a query string. If you click on a link within that site, the query string goes along as part of the referrer.