HTTP referer


HTTP referer

The referer, or HTTP referer, identifies, from the point of view of an internet webpage or resource, the address of the webpage (commonly the URL, the more generic URI or the i18n updated IRI) of the resource which links to it. By checking the referer, the new page can see where the request came from. Referer logging is used to allow websites and web servers to identify where people are visiting them from, for promotional or security purposes. Referer is a popular tool to combat cross-site request forgery, but such security mechanisms do not work when the referer is disabled. Referer is widely used for statistical purposes.

A "dereferer" is a means to strip the details of the referring website from a link request so that the target website cannot identify the page which was clicked on to originate a request.

"Referer" is a common misspelling of the word "". It is so common, in fact, that it made it into the official specification of HTTP – the communication protocol of the World Wide Web – and has therefore become the standard industry spelling when discussing HTTP referers.

Details

When visiting a webpage, the referer or referring page is the URL of the previous webpage from which a link was followed.

More generally, a referer is the URL of a previous item which led to this request. The referer for an image, for example, is generally the HTML page on which it is to be displayed. The referer field is an optional ["The Referer [sic] request-header field allows the client to specify […] the address (URI) of the resource from which the Request-URI was obtained […] " RFC 2616 § 14.36] part of the HTTP request sent by the browser program to the web server.

Many web sites log referers as part of their attempt to track their users. Most web log analysis software can process this information. As referer information can violate privacy, some browsers allow the user to disable the sending of referer information. Some proxy and firewall software will also filter out referer information, to avoid leaking the location of non-public websites. This can in turn cause problems: some servers block parts of their site to browsers that don't send the right referer information, in an attempt to prevent deep linking or unauthorised use of images (bandwidth theft). Some proxy software has the ability to give the top-level address of the target site as the referer, which usually prevents these problems while still not divulging the user's last visited site.

Recently many blogs have started publishing referer information in order to link back to people who are linking to them, and hence broaden the conversation. This has led, in turn, to the rise of referer spam: the sending of fake referer information in order to popularize the spammer's site.

Many pornographic paysites utilize referer information to secure their materials: only browsers arriving from a small set of approved (login-) pages are given access; this facilitates the sharing of materials among a group of cooperating paysites. Referer spoofing is often used to gain free access to these sites.

Referer hiding

Most web servers will maintain logs of all traffic, and record the HTTP referer sent by the browser for each request. This raises a number of privacy concerns, and as a result a number of systems to prevent servers being sent the real referring URL have been developed. These systems work either by blanking the referer header or by replacing it with inaccurate data. Generally, internet security suites blank the referer data, while web based servers replace it with a false URL, usually their own - of course, this raises the problem of referer spam. The technical details of both methods are fairly consistent - software applications act as a proxy server and manipulate the HTTP request, while web based methods load websites within frames, causing the browser to send a referrer URL of their website address. Some web browsers give their users the option to turn off referer headers.

Most major browsers do not send the referer header when they are instructed to redirect using the "Refresh" HTTP header. However, this method of redirection is discouraged by the W3C. [http://www.w3.org/TR/WCAG10-HTML-TECHS/#meta-element]

References

See also

* Referer spoofing, changing referer information to gain unauthorized access to a web site.
* Referer spam, providing fake referer information in order to popularize a spammer's website.

References and external links

* RFC 2616: Hypertext Transfer Protocol – HTTP/1.1
* [http://www.ietf.org/rfc/rfc3987.txt IRI] – Internationalized Resource Identifiers


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • HTTP referer — HTTP Постоянное соединение · Сжатие · HTTPS Методы OPTIONS · GET · HEAD · POST · PUT · DELETE · TRACE · CONNECT · PATCH Заголовки Cookie · ETag · Location · Referer DNT · X Forwarded For …   Википедия

  • HTTP Referer — Référant  Pour l’article homophone, voir Référent. Un référent ou référant, plus connu sous l anglicisme referer ou referrer[1], est, dans le domaine des réseaux informatiques, une information transmise à un serveur HTTP lorsqu un visiteur… …   Wikipédia en Français

  • HTTP referrer — HTTP Persistence · Compression · HTTPS Request methods OPTIONS · GET · HEAD · POST · PUT · DELETE · TRACE · CONNECT Header fields Cookie · ETag · Location · Referer DNT · …   Wikipedia

  • HTTP — Название: Hypertext Transfer Protocol Уровень (по модели OSI): Прикладной Семейство: TCP/IP Создан в: 1992 г. Порт/ID: 80/TCP Спецификация …   Википедия

  • Referer spam — is a kind of spamdexing (spamming aimed at search engines). The technique involves making repeated web site requests using a fake referer url that points to the site the spammer wishes to advertise. Sites that publicize their access logs,… …   Wikipedia

  • HTTP cookie — HTTP Persistence · Compression · HTTPS Request methods OPTIONS · GET · HEAD · POST · PUT · DELETE · TRACE · CONNECT Header fields Cookie · ETag · Location · Referer DNT · …   Wikipedia

  • HTTP 404 — HTTP Постоянное соединение · Сжатие · HTTPS Методы OPTIONS · GET · HEAD · POST · PUT · DELETE · TRACE · CONNECT · PATCH Заголовки Cookie · ETag · Location · Referer DNT · X Forwarded For …   Википедия

  • HTTP pipelining — HTTP Постоянное соединение · Сжатие · HTTPS Методы OPTIONS · GET · HEAD · POST · PUT · DELETE · TRACE · CONNECT · PATCH Заголовки Cookie · ETag · Location · Referer DNT · X Forwarded For …   Википедия

  • Referer spoofing — In computer security, referer spoofing or ref tar spoofing is the sending of incorrect referer information along with an HTTP request, sometimes with the aim of gaining unauthorized access to a web site. It can also be used because of privacy… …   Wikipedia

  • Referer-Spam — Referrer Spam (auch Logdatei Spam) ist eine Sonderform des Suchmaschinen Spamming. Hierbei werden Webseiten massenhaft aufgerufen, damit sie in den Referrer Informationen der Statistiken der angegriffenen Webseiten auftauchen. Inhaltsverzeichnis… …   Deutsch Wikipedia