Does "request.referer == nil" always mean direct traffic?

Question

When request.referer doesn't return anything, does that always mean that the visitor didn't do the request through a link - i.e. she somehow manually entered the requested page's address?

Or are there other cases where request.referer returns nil (granted that the request is successful)?

Answer 1

Short answer: No.

Generally speaking, the referrer - like all other HTTP headers - is user submitted data. User submitted data should not be trusted.

Off the top of my head I can think of these scenarios, where the referrer wouldn't be set without the user having manually entered the URL.

• Clicking a link in an email client.
• Using privacy software that removes referrers.
• Bots/spiders might not set this header.
• Following a link from a HTTPS site to a HTTP site.

There might well be other cases (fx I am not sure how browsers handle referrers when opening links in new windows).

And then there are the cases where the referrer is set, but no user has entered the address; notably bots - especially the referrer-spamming ones.

Answer 2

I have not verified that but it's always safe not to check nil for blank value but to use blank?

request.referrer.blank?

This ensure the case when it's nil or blank string.