Change HTTP_REFERRER using php before redirecting

Question

I have a script which redirects to an link like

header("Location:http://foo.com/abc.xyz");

but I want to either set the HTTP_REFERRER to be http://foo.com or blank so that the site http://foo.com can not track that the reference was sent from another domain in which script is installed.

Answer 1

Well of course there is a way to spoof a referer. How usefull it will be is something for you to decide :)

Since the referer comes from the web browser client, we will need to create our own "PHP WWW Client"... Basically a proxy.

Here is some code that will spoof all the information that is there:

<?php

// Setup Information
$host = "www.yoursite.com";
$page = "/index.html";

// Open the socket
$fp = fsockopen($host,80,$errno,$errstr,30) or die("Could not establish a connection. $errstr($errno)");

// Request the page
fputs($fp,"GET $page HTTP/1.0\r\n");
fputs($fp,"User-agent: PHP WWW Client\r\n");
fputs($fp,"Referer: http://www.anothersite.net\r\n");
fputs($fp,"\r\n");

// Read response
while (!feof($fp)) {
$page .= fgets ($fp,128);
}

// Close Socket
fclose($fp);

?>

$page will now contain the HTML contents of the page you just recieved from the server.

As for what you do with it next, that is up to you :) You will probably need to format any URLs in the code so they will work from your domain. Then print out the html code.

Generally doing this is not really a good idea, but this is the only way that I know of to "spoof" the referer and user-agent.