Forum Moderators: Robert Charlton & goodroi
I've never seen this before. Typically my Google referrals look like [google.com...]
Anyone else see this in the last 36 hours? What could be causing this, and why would it just happen all of a sudden and not one single time in the past 4+ years prior?
Have you checked the IP/Host WHOIS info of the apparent referrers? (dnsstuff-dot-com; whois-dot-sc) Doing so will give you some idea as to whether the iffy visitors appear to be hailing from blacklisted hosts, high-risk countries, etc.
I clicked on the Google references and told him "this is what pages Google searchers found me from"....and YIKES...straight from the search page? What's up? I thought it was some kind of hack or firewall as already mentioned.
Never seen this in 4 yrs.?
Have you checked the IP/Host WHOIS info of the apparent referrers?
Are you talking about the actual visitor's IP, or the referring pages? If you are speaking in terms of finding the IP of where the user was referred from, currently all I have set up is a way to track the referring page. I will look into a way to record the IP as well... does anyone do this currently?
So let's see. About suspect referers and such --
Perhaps the following will give you some ideas/options, or even peace of mind if you have the mind-bogglingly wonderful (& just plain mind-boggling) mod_rewrite. (See WW's Apache Web Server Forum)
1.) IFFY
There are perfectly innocent reasons for a lack of referer headers, from bookmarks to hardware. Also, hiding referer headers is increasingly billed as a 'personal privacy feature' in software because others can't see where you've been (us server-protective log addicts being amongst the untrusted others. Alas.). The current crop of easily obtained software referer hiders includes Norton's "Privacy Control" component and (too) many Firefox extensions.
What to do if visitors are iffy?
Well, I redirect them via mod_rewrite (302) to a plain IP where they're met with a page indicating something's awry and urging them to e-me (address is a graphic) and include all the data on the page. The page captures and shows their UA, and IP/HOST info so it's a quick and easy way for me to troubleshoot.
FWIW, more times than not visitors reply along the lines of: "I'm a computer dummy. My (son, grandson, daughter, nephew, handyman, neighbor) installed everything on this machine for me..." I don't fret about those folks, but it is time-consuming to educate them about what to uncheck or undo.
2.) MAYBE
The visitors I eyeball a lot more closely are those whose referer headers and/or UAs are obviously faked. Like visitors appearing to refer from Google but minus variables. Like the UA I saw yesterday:
tifkgplMemfrfwowvmmlsmc2frqikxovgooit
Okay, so that was an easy one:) And probably someone just goofing around. But if they know enough to goof around -- to not just 'blank' a referer or UA but go a step further and actually swap in something else -- they may also know enough to be dangerous, either accidentally or on purpose. (Read: Script Kiddies.) Maybes get mod_rewrited (302) straight away and sometimes they end up e-mailing an apology!
3.) NO WAY
This is my YIKES category -- the visitors whose browsing behavior gets me to hang up the phone or set something else aside and hunker down in order to act quickly.
These include visitors with UAs allllmost akin to real ones and they can be tough to spot. But if a visitor has an iffy UA, and no referer info, and a suspect IP/Host, and/or they hit and run (home page; no graphics) or hit too quickly (1-3 pps), and/or trigger various hidden traps, then I immediately rewrite them (403) to yet another special page (where pertinent details are logged via "exec cmd") and see if I ever hear from them again. I don't, probably because real people aren't even at the other end.
(Aside: Notorious UAs, from e-mail suckers to site scrapers, are blocked from the get-go. Also, suspect hosts include a staggering number of Africa- and Asia-based IPs, and lately, the Netherlands. Those get coded into the firewall by the block-full.)
Yikes! That was a lot of unsolicited info:) Hopefully some of it will be helpful to somebody!
"http://www.google.com/"
Hmm. Like the other comments, in umpteen years I've never seen that. Nor anything like this, which has the same hop-to effect:
[google.com...]
But again, good thinking there, Freq:) Do you suppose the short form is a GET and the latter an 'exposed' POST?
news.google.com is one that brings me quite a bit (in the past I just had to guess whether I was getting traffic from there based on the keywords I saw people using to find me)...there is also google[organic], google.com[referral], and images.google.com.
This stuff all started happening in the past few days, and I've been using the google stats for over a month now.
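The IFFY / MAYBE / NO WAY triage described in the long post above, sketched as an offline pass over combined-format access-log lines. This is an added example, not code from any poster in the thread; the regexes, the `max_pps` threshold, the "OK" label and the sample log lines (documentation-range IPs) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
                    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')
ASSET_RE = re.compile(r'\.(gif|jpe?g|png|css|js|ico)$', re.I)
UA_RE = re.compile(r'^[A-Za-z][\w.-]*/\d')  # assumed sanity check: product/version token

def google_without_query(ref):
    # Referer names a Google host but carries no query variables.
    host = urlsplit(ref).hostname or ""
    return (host == "google.com" or host.endswith(".google.com")) and not urlsplit(ref).query

def triage(lines, max_pps=1.0):
    """Return {ip: verdict}; max_pps (pages per second) is an assumed threshold."""
    visits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            visits[m["ip"]].append(m)
    verdicts = {}
    for ip, hits in visits.items():
        pages = [h for h in hits if not ASSET_RE.search(h["path"])]
        times = [datetime.strptime(h["ts"], "%d/%b/%Y:%H:%M:%S %z") for h in pages]
        span = (max(times) - min(times)).total_seconds() if times else 0
        fast = len(pages) >= 2 and len(pages) / max(span, 1) >= max_pps
        no_assets = len(pages) == len(hits)        # hit and run: pages but no graphics
        no_ref = all(h["ref"] in ("", "-") for h in pages)
        fake_ref = any(google_without_query(h["ref"]) for h in pages)
        odd_ua = any(not UA_RE.match(h["ua"]) for h in hits)
        verdicts[ip] = ("NO WAY" if odd_ua and no_ref and (no_assets or fast)
                        else "MAYBE" if odd_ua or fake_ref
                        else "IFFY" if no_ref
                        else "OK")
    return verdicts

# Constructed sample lines; only the odd UA string is taken from the thread.
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2007:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows; U) Firefox/2.0"',
    '192.0.2.10 - - [12/Mar/2007:10:00:01 +0000] "GET /logo.gif HTTP/1.1" 200 900 "http://www.example.com/" "Mozilla/5.0 (Windows; U) Firefox/2.0"',
    '198.51.100.7 - - [12/Mar/2007:10:01:00 +0000] "GET /widgets.html HTTP/1.1" 200 4000 "http://www.google.com/" "Mozilla/4.0 (compatible; MSIE 6.0)"',
    '203.0.113.5 - - [12/Mar/2007:10:02:00 +0000] "GET / HTTP/1.0" 200 5120 "-" "tifkgplMemfrfwowvmmlsmc2frqikxovgooit"',
    '192.0.2.44 - - [12/Mar/2007:10:03:00 +0000] "GET /widgets.html HTTP/1.1" 200 4000 "http://www.google.com/search?q=widgets" "Mozilla/5.0 (Windows; U) Firefox/2.0"',
]
```

A bare `http://www.google.com/` referer lands in MAYBE here only because the post treats "Google but minus variables" as suspect; as the thread itself shows, such referers can also appear in ordinary traffic, so the verdict is a prompt for a closer look rather than a block decision.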