Code Forums - View Single Post

DJMaze · 11-05-2009, 11:04 AM

HTTP_REFERER is a header send by the user agent.
It may or may not exist when the user agent requests a page.

Since the user agent may decide to alter or remove this header, there is no way that you can be 100% sure the referring page comes from your domain.

For example i use the RefControl extension in Firefox to disable HTTP_REFERER or modify it to my liking.
RefControl - Firefox Extension
For my profession this is a great asset to see which dumb-ass company made the website, so that i don't have to apply for a job

Sometimes it is not even the user agent who is stripping the header but a firewall that is removing it from the request to protect anything that requests webpages.

Therefore, the recommended way is to show an error page instead of putting visitors in an endless loop.

11-05-2009, 11:04 AM	#8 (permalink)
DJMaze Senior Contributor Join Date: Mar 2005 Posts: 841	HTTP_REFERER is a header send by the user agent. It may or may not exist when the user agent requests a page. Since the user agent may decide to alter or remove this header, there is no way that you can be 100% sure the referring page comes from your domain. For example i use the RefControl extension in Firefox to disable HTTP_REFERER or modify it to my liking. RefControl - Firefox Extension For my profession this is a great asset to see which dumb-ass company made the website, so that i don't have to apply for a job Sometimes it is not even the user agent who is stripping the header but a firewall that is removing it from the request to protect anything that requests webpages. Therefore, the recommended way is to show an error page instead of putting visitors in an endless loop. __________________ UT: Ultra-kill... God like!