What would HTTP referrer be?
https://stackoverflow.com/questions/1518208
-
19-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
What would the HTTP referrer be in the following cases:
- User clicks a link on a website and arrives at a different website that is hot linking an image from a 3rd website, what would the referrer be on the image.
- User clicks a link that goes to a different website that uses META Refresh to send them back to the first website.
- User clicks a link that goes to a different website which contains an iframe to a second page on the second site, is the referrer the original site or the second site?
I cant seem to find an answer, If I cant get an answer here then i'll just make the pages and test it.
Solution
The Referer is always the document/resource that is referring to the current resource. So:
- The URL of the document the image is hot-linked in.
- Different from HTTP redirects, a META refresh will invoke the browser to send the URL of the document the META refresh is in.
- Just like the image, the Referer will be the URL of the document that contains the frame.
OTHER TIPS
I am too lazy to try to interpret all given scenarios, but to help test things one can easily created a PHP script to return an image that tells us what the referrer is:
<?php
header("Content-type: image/png");
header("Cache-control: no-cache");
header("Pragma: no-cache");
header("Expires: -1");
$s = "Referrer: " . $_SERVER['HTTP_REFERER'];
$im = @imagecreate(500, 13)
or die("Cannot Initialize new GD image stream");
$black = imagecolorallocate($im, 0, 0, 0);
imagecolortransparent($im, $black);
$red = imagecolorallocate($im, 255, 0, 0);
imagestring($im, 3, 0, 0, $s, $red);
imagepng($im);
imagedestroy($im);
?>
If a web site responds with a HTTP redirect, like 302 Moved Temporarily, then your browser will still send the original referrer with the redirected request:
<?php
header("Location: http://[..]/referrer-to-img/referrer.php?redirected");
?>
Please note that, for example in Safari on a Mac, Command-click (to open a link in a new tab) and Command-Option-click (new window) do set the referrer for that link, while choosing "Open Link in New Tab/Window" from the context menu (after a right-click) does not.
Happy testing. ;-)
The referrer would be the third website.
The referrer is always the host of the HTTP request.
The referrer would be the different website.
Even though the page uses a meta refresh it is still an HTTP request and the previous rule applies.
The referrer would be the second website.
iframerequests are treated just like requests in new browser windows.
First off, HTTP Referer may be just about anything which various privacy-aware software client-side or even on some gateway/proxy on the way may turn it to be.
Yet let me take a crack at it:
1. That of the second web site 2. That of the second web site 3. pretty sure (not certain) but the second site still seems to be the right response.
Whatever the current page is at the time the browser sends a request (be it for an image, a redirection, whatever) is [normally] sent to the server underlying the URL of the request. [again, if no privacy device of sorts change this and other HTTP header values]
Guesses, but I'm pretty confident:
- Third website would see the second site as the referer.
- First website sees referer as second web site
- Second site.
