I'm using something like this
mysite.com/out.php?url=outurl.com
I'm just using a simple redirect, but I'm just wondering how I can hide the referrer.
Thanks!
edit: I ended up doing a double meta refresh
The referrer is attached by the user's browser, not by your server; it's up to them to include it or not.
If by hide you mean to remove it from the address bar then you could use a POST request instead of GET or a custom HTTP header. As a third option you could use a GET request but encrypt the data. Also I suppose you are talking about some custom referrer and not the standard HTTP referrer which might be sent by the user agent.
If you're really serious about hiding the referrer from downstream sites, you have options...
For example you could try the service
http://referer.us/
which offers redirection (i.e. all referrals appear to come from instead of you).
Depending on your goals, you could easily implement a similar service yourself, either at your own domain (e.g. "/generic-referer.html" if you don't want people seeing the deep-linked page from which a visitor is coming) or a new domain that you control.
Yes, you can hide your referrer:
Newer browsers now support this properly anyway, with a meta tag. You can add:
For that page which you want to hide referrer.
I think it will help :-)
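The interstitial approach discussed in the answers above, sketched as an added example that is not code from any of the posts: `out.php` serves a small page that carries a `no-referrer` policy and then forwards the visitor. The function name `out_page()` is hypothetical, and the example assumes the `url` parameter holds an absolute http(s) URL, unlike the scheme-less value in the question.

```php
<?php
// Added example (not from the posts): interstitial for out.php?url=...
// that asks the browser to omit the Referer on the way to the target.

function out_page(string $target): ?string
{
    // Accept only absolute http(s) URLs with a host; reject everything else
    // (javascript:, data:, scheme-less strings, malformed input).
    $parts  = parse_url($target);
    $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        return null;
    }
    // Escape for use inside double-quoted HTML attributes.
    $safe = htmlspecialchars($target, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return "<!doctype html>\n"
        . "<meta charset=\"utf-8\">\n"
        // Page-level policy: navigations from this page carry no Referer.
        . "<meta name=\"referrer\" content=\"no-referrer\">\n"
        . "<meta http-equiv=\"refresh\" content=\"0;url={$safe}\">\n"
        . "<title>Redirecting</title>\n"
        // Manual fallback link; rel=noreferrer applies the same rule per link.
        . "<a rel=\"noreferrer\" href=\"{$safe}\">Continue</a>\n";
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a non-http(s) scheme, then an http URL whose
    // query string contains characters that must be escaped.
    var_dump(out_page('javascript:alert(1)'));
    echo out_page('http://outurl.com/?a=1&b="x"');
} else {
    $raw  = $_GET['url'] ?? '';
    $html = is_string($raw) ? out_page($raw) : null;
    if ($html === null) {
        http_response_code(400);
        exit('Bad url parameter');
    }
    // Same policy as a response header, for browsers that honour it.
    header('Referrer-Policy: no-referrer');
    echo $html;
}
```

Whether the header is actually omitted still depends on the visitor's browser honouring the policy.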
Related
Let's say I have a URL, www.mysite.com/go that I want to redirect to www.anothersite.com/site.php?id=999
The trick is, I do not want anothersite.com to be able to see that the request came from mysite.com. It should look like the address www.anothersite.com/site.php?id=999 was typed into the address bar manually by the user.
It is important to note that this has nothing to do with Google Analytics, and there will never exist an anchor link to www.mysite.com/go anywhere. Instead, the user will manually input www.mysite.com/go in the address bar (which is easier to remember than the long URL).
How is this achieved? The technology in question is PHP. I imagine that it can be achieved with the header() function, but Google searches reveal that this only works with https, not http. Can I via PHP control what the client provides of referral information when the redirect is performed? I guess that if I want it to look like the address was typed into the address bar, I would have to blank out the referrer information. Is it possible?
It's not possible by means of an HTTP redirect. You don't have any control over the outgoing referrer header as the browser handles it entirely client-side.
Your only real option that you can directly control is to use HTTPS. Referrers with a value of an HTTPS page are not carried forward by browsers.
Example flow:
http://www.mysite.com/go (so any existing links don't have to change)
https://www.mysite.com/go
http://www.anothersite.com/site.php?id=999
Is there a way in which I can detect the URL that is calling in my php page, similar to say a GET or POST but would like to get the URL as I would like to restrict the page accessing it to a certain URL as this file is being called from another server.
Basically: www.MYURL.com calls the php file from say www.PHPURL.com if the URL is NOT www.MYURL.com then bounce them out etc.
Many Thanks
In response to the answers below I used the as mentioned and here is what I did:
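// The Referer header is optional; fall back to an empty string when it is absent.
$URL_REF = parse_url($_SERVER['HTTP_REFERER'] ?? '');
// 'host' is missing when the value is empty or malformed.
$URL_REF_HOST = $URL_REF['host'] ?? null;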
Thanks #Philip Bevan,#Itai Sagi and #EvilP
Well, you could use $_SERVER['HTTP_REFERER'], but it can be cloaked/removed.
EDIT: As someone asked, the HTTP_REFERER is a header which is sent by the client. Most browsers' default behavior is to send it, but if you'd like, you can disable it or even send a different referer header so people will think you come from some place else.
The bottom line: if it isn't THAT critical for you, you can use it, but don't EVER, EVER give people extra privileges based on their referer alone.
$_SERVER["HTTP_REFERER"]
is what you are looking for.
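A stricter version of the host check from this thread, as an added example that is not code from any of the posts: it handles the missing and malformed cases and compares the host exactly, while keeping the result a hint rather than an access decision. `EXPECTED_HOST`, `referer_host()` and `classify_referer()` are hypothetical names, and the sample values are constructed.

```php
<?php
// Added example (not from the posts): read Referer as an untrusted hint.
// EXPECTED_HOST is an assumption standing in for www.MYURL.com.
const EXPECTED_HOST = 'www.myurl.com';

// Returns the lower-cased host named in a Referer value, or null when the
// header is absent, empty, malformed, or not an http(s) URL.
function referer_host(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null;
    }
    $parts = parse_url($referer);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return strtolower(rtrim($parts['host'], '.'));
}

// 'claimed' means only that the client sent a matching header. It is fit
// for logging or a soft bounce, never for granting access.
function classify_referer(?string $referer): string
{
    $host = referer_host($referer);
    if ($host === null) {
        return 'unknown';
    }
    // Exact comparison: substring or prefix tests would accept lookalikes.
    return $host === EXPECTED_HOST ? 'claimed' : 'other';
}

// Constructed sample values, not real traffic.
$samples = [
    null,
    'http://www.MYURL.com/page.php',
    'http://www.myurl.com.lookalike.example/',
    'http://other.example/?from=www.myurl.com',
    'not a url',
];
foreach ($samples as $s) {
    printf("%-45s %s\n", var_export($s, true), classify_referer($s));
}
// In the web handler: classify_referer($_SERVER['HTTP_REFERER'] ?? null)
```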
How can I make it so when the site visitor of mysite.com clicks a link, like http://google.com, the referrer page is not sent to the target website ?
Is this possible with PHP ?
Basically I want the linked site to not be aware where the visitor came from
I don't think it is possible, as the HTTP referrer information is sent by the browser. You can install browser plugins to prevent sending referrers, but not directly with PHP.
Update: I just found this
If a website is accessed from a HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referrer field is not sent.
The upcoming standard HTML5 will support the attribute/value rel = "noreferrer" in order to instruct the user agent not to send a referrer.
Source: http://en.wikipedia.org/wiki/HTTP_referrer#Referrer_hiding
The referer is set by the browser, not the server, so broadly speaking, you can't really control this.
You may be able to find ways to mask mysite.com by redirecting the user through an intermediary site to google.com. I wouldn't recommend this, though.
No. Not possible. The client (browser) is responsible for that HTTP header. A browser might even choose to not (ever) send it. (I'm not sure about the exact protocols/specifications of when to send it.)
edit
There might be a trick. (But I don't know it.) Maybe some JavaScript or header cancelling image or something nasty.
I have a simple signup form that needs to track number of hits from one specific external referer. This is a simple task with PHP's:
$_SERVER['HTTP_REFERER']
However, it is blank. After doing some research I tried to use some JavaScript:
document.referrer
Still blank. :(
I really don't need anything elaborate, but am trying to NOT use awstats.
Is there any other way to get the referer (hacks accepted)?? Or am I stuck with the stats???
-thanks
In short: If the user doesn't want it, you will never know where he comes from. However, a more "reliable" solution may be to add the referrer to the link from the origin site to yours. Something like
Visit example.com
This requires that external sites cannot just link to your site, but always need to add their personal id. If this is not possible there is not much you can do.
At all, it's possible that someone may change this id too.
The referer is possibly sent in the HTTP request's header.
It is possible that the browser will not even send it, or some kind of proxy, firewall or security suite strips it out or even changes it. You cannot rely on it.
There is only one thing you can do: if it is empty, consider that you don't know the referer.
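The "add an id to the link" suggestion in this thread, extended as an added example that is not code from any of the posts: the id is signed with an HMAC so that a changed id is detected, and the Referer header is used only as a fallback. `LINK_KEY`, the partner ids, the `mysite.example` URL and all function names are assumptions made for the illustration.

```php
<?php
// Added example (not from the posts): signed "ref" id in inbound links.
// LINK_KEY and the partner ids are assumptions; keep the key server-side.
const LINK_KEY = 'replace-with-a-long-random-secret';

// Build the link you hand to a referring site.
function make_ref_link(string $base, string $partnerId): string
{
    $sig = hash_hmac('sha256', $partnerId, LINK_KEY);
    return $base . '?' . http_build_query(['ref' => $partnerId, 'sig' => $sig]);
}

// Return the partner id when the signature matches, otherwise null.
function verified_ref(array $query): ?string
{
    $ref = $query['ref'] ?? null;
    $sig = $query['sig'] ?? null;
    if (!is_string($ref) || !is_string($sig)) {
        return null;
    }
    $expected = hash_hmac('sha256', $ref, LINK_KEY);
    return hash_equals($expected, $sig) ? $ref : null;
}

// Source of a hit: a verified id first, then the Referer host, then unknown.
function hit_source(array $query, ?string $referer): string
{
    $ref = verified_ref($query);
    if ($ref !== null) {
        return "ref:$ref";
    }
    $host = $referer ? parse_url($referer, PHP_URL_HOST) : null;
    return is_string($host) && $host !== '' ? "referer:$host" : 'unknown';
}

// Constructed demonstration values.
$link = make_ref_link('https://mysite.example/signup.php', 'partner-42');
parse_str((string) parse_url($link, PHP_URL_QUERY), $good);
$tampered = ['ref' => 'partner-7'] + $good;   // id changed, old signature kept
echo $link, "\n";
echo hit_source($good, null), "\n";
echo hit_source($tampered, 'http://other.example/page'), "\n";
echo hit_source([], null), "\n";
```

The signature only shows that the id was not altered; a valid link can still be copied and reused by anyone who sees it, so the count remains an estimate.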
I have an application which records users visits. None of these visits are directly accessed, 100% of these visits are referred from another site.
I am passing $_SERVER['HTTP_REFERER'] through to the database. Approximately 35% of the logged entries pass a referer, the rest are blank.
Is there a reason for this?
There are a number of reasons why HTTP_REFERER might be blank.
You have to understand it's an environment variable given by the browser. Meaning users can remove it or even change it, if they so intend to.
- Users accessing the link from a bookmark, history or by typing the link manually do not have a referer.
- IE has also been known to remove the referer in situations revolving around JavaScript, such as window.open, window.location and even setting target="_blank" in anchors or meta refresh.
- Clicking an embedded link in a chat application, PDF/Word/Excel document, will also not set a referer.
- Using AJAX, file_get_contents, fopen and other similar functions in other languages will probably not set a referer request.
- cURL, fsockopen, applications that have browser-like components might not set a referer.
There are probably more situations when this could happen, I'll update if I can think of anything that seems reasonable.
If a user visits your site directly, there is no referrer. It's also possible they have set it up so their browser never sends the referrer.
According to this answer, browsers do not necessarily send a referrer when doing a meta refresh.
Browsers sometimes will include the referer in the request. But it is not mandatory to do so (the referer is 100% voluntary). Indeed there are various privacy and security issues surrounding the referer (for example, if an HTTPS site refers you to an HTTP site, the browser should not include the referring site as the referer). So don't rely on it.
When linking from one document to another in Internet Explorer 4.0 and later, the Referer header will not be sent when the link is from an HTTPS page to a non-HTTPS page. The Referer header also will not be sent when the link is from a non-HTTP(S) protocol, such as file://, to another page. For more info go to this link
Direct access to your page (typing URL in address bar or from bookmarks, history, etc)
Browser settings (disabled referrer or empty)
if someone requests page content with file_get_contents() function...
It is common when you are stuck finding why it is missing:
- Sometimes your referer is https and you are on http; it will be lost.
Otherwise:
- User accessing by inputting the URL directly.
- A user has bookmarked and come from bookmarks.
- Sometimes the user keeps the URL as the default for the browser (similar to a bookmark)
- Proxy surfing may remove the referer.
- Accessing the website as bots (search engine)
It also depends on the Transport layer, I encountered an issue where my Consumer Application A was running on the HTTP layer while the Application from where I was sending the request was running on the HTTPS layer.