The HTTP referer (originally a misspelling of referrer [1] ) is an HTTP header field that identifies the address of the webpage (ie the URI or IRI ) that is linked to the resource being requested. By checking the referrer, the new webpage can see where the request originated.

In the MOST common position this means clustering That When a user clicks a hyperlink in a web browser , the browser Sends a request to the server holding the destination webpage. The request includes the referer field, which indicates the last page of the user was on (the one where they clicked the link).

Referer logging is used to allow websites and web servers to identify where they are visiting from, for promotional or statistical purposes. [2]

Etymology

The misspelling of referrer originated in the original proposal by computer scientist Phillip Hallam-Baker to Incorporate the field into the HTTP specification. [3] The misspelling was set in stone by the time of its incorporation into the Request for Comments standard document RFC 1945 ; co-author Roy Fielding has remarked that neither “referrer” nor the misspelling “referer” were recognized by the standard Unix spell checker of the period. [4]“Referer” has been widely used in the industry when discussing HTTP referrers; The use of the misspelling is not universal, however, as the correct spelling “referrer” is used in some web specifications such as the Document Object Model .

Details

When visiting a Web page , the referrer or referring page is the URL of the previous webpage.

More, a referrer is the URL of a previous item which led to this request. The referrer for an image, for example, is the HTML page on which it is to be displayed. The referrer is an optional part of the HTTP request sent by the web browser to the web server. [5]

Many websites log referrers as part of their attempt to track their users. Most web log analysis software can process this information. Because referrer information can violate privacy , some Web browsers allow the user to disable the sending of referrer information. [6] Some proxy and firewall software will also filter out information, to avoid leaking the location of non-public websites. This can, in turn, causes problems: some web servers block of their website to web browsers that do not send the right information, in an attempt to prevent deep linking or unauthorized use of images ( bandwidth theft). Some proxy software has the ability to give you a better view of the world, which usually prevents these problems while still not divulging the user’s last-visited website.

Many blogs publish referrer information in order to link back to people who are linking to them, and hence broaden the conversation. This article is about to turn up spamming : the sending of information in order to popularize the spammer’s website.

Many pornographic countries use their information to secure their websites. Only web browsers arriving from a small set of approved (login) pages are given access; this facilitates the sharing of materials among a group of cooperating countries. Referrer spoofing is often used to gain access to these countries. quote needed ]

It is possible to access the information on the client by using document.referrer in JavaScript . [7] This can be used, for example, to individualize a web page based on a user’s search engine query. However, the referrer field does not always include queries, such as when using Google Search with https. [8]

Referer hiding

Most web servers keep track of all traffic, and record the HTTP referrer by the web browser for each request. This raises the question of a number of privacy concerns, and a result, a number of systems to prevent web servers being sent to the URL. These systems work by blanking the field by replacing it with inaccurate data. Generally, Internet-security suites blank the referrer data, while web-based servers replace it with a false URL, usually their own. This raises the problem of referrer spam. The technical details of both methods are fairly consistent – software applications act as a proxy serverand manipulate the HTTP request, while web-based methods load websites within frames, to refer to the URL of their website address. Some web browsers give their users the option to turn off the fields in the request header. [6]

Most web browsers do not send the referrer field when they are instructed to redirect using the “Refresh” field. This does not include some versions of Opera and many mobile web browsers. However, this method of redirection is discouraged by the World Wide Web Consortium (W3C). [9]

If a website is accessed from a secure HTTP (HTTPS) connection, then the referrer field is not sent. [10]

The HTML5 standard added support for the attribute / value rel = “noreferrer”, which instructs the user agent to not send a referrer. [11]

Another referrer hiding method is to convert the original link URL to a data uri scheme -based URLs Containing small HTML page with a meta refresh to the original URL. When the user is redirected from the data: page, the original referrer is hidden. The first public implementation of this method is the Darefer app for ownCloud . quote needed ]

Content Security Policy standard version 1.1 introduced a new referrer that allows more control over the browser’s behavior in the referrer header. Specifically it allows the webmaster to navigate to the world, to reveal it only when moving with the same origin and so on. [12]

References

  1. Jump up^ “HTTP: The Definitive Guide” .
  2. Jump up^ Kyrnin, Jennifer (2012-04-10). “Referrer – What is a Referrer – How do HTTP Referrers Work?” . About.com . Retrieved 2013-03-20 .
  3. Jump up^ Hallam-Baker, Phillip (2000-09-21). “Re: Is Al Gore The Father of the Internet?” . alt.folklore.computers . Retrieved 2013-03-20 .
  4. Jump up^ Fielding, Roy (1995-03-09). “Re: referer: (sic)” . ietf-http-wg-old . Retrieved 2013-03-20 .
  5. Jump up^ “Hypertext Transfer Protocol (HTTP / 1.1): Semantics and Content (RFC 7231 § 5.5.2)” . IETF . June 2014 . Retrieved 2014-07-26 . The “referrer” [sic] header field allows the user to specify a URI reference for the resource from which the target URI was obtained […]
  6. ^ Jump up to:b “Network.http.sendRefererHeader” . MozillaZine . 2007-06-10 . Retrieved 2015-05-27 .
  7. Jump up^ “HTML DOM Document referrer Property” . w3schools.com . Retrieved 2013-03-20 .
  8. Jump up^ Gundersen, Bret (2011-10-19). “The Impact of Google Encrypted Search” . Adobe Digital Marketing Blog . Retrieved 2013-03-20 .
  9. Jump up^ “HTML Techniques for Web Content Accessibility Guidelines 1.0: The META element” . W3C . 2000-11-06 . Retrieved 2013-03-20 .
  10. Jump up^ “Hypertext Transfer Protocol (HTTP / 1.1): Semantics and Content: referrer (RFC 7231 § 5.5.2)” . IETF. June 2014 . Retrieved 2014-07-26 . A user agent must not send a referrer header field in an unsecured HTTP request if referring to a secure protocol
  11. Jump up^ “4.12 Links – HTML Living Standard: 4.12.5.8 Link type” noreferrer ” “. WHATWG . 2016-02-19 . Retrieved 2016-02-19 .
  12. Jump up^ “Content Security Policy Level 2” . W3. 2014 . Retrieved 2014-12-08 .