https blanks referrer no matter what?

Discussion in 'Black Hat SEO' started by invinceable, Dec 24, 2010.

  1. invinceable

    invinceable Regular Member

    Joined:
    Jul 12, 2008
    Messages:
    427
    Likes Received:
    73
    is this true that if you run it through an https link it will blank the referrer no matter what?
     
  2. angelas111

    angelas111 Elite Member

    Joined:
    Jan 4, 2009
    Messages:
    1,641
    Likes Received:
    1,043
    Location:
    ohio
    only in ie if i'm not mistaken. not firefox.
     
  3. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    1,001
    Due to sensitive information potentially being stored in url parameters, it is pretty standard operating procedure for browsers (IE and FF included) to omit the referrer when a user goes from HTTPS to HTTP. Hyperlink, redirect, xhr.. doesnt seem to matter, all will be blanked.
     
  4. JesusBack

    JesusBack Senior Member

    Joined:
    Sep 15, 2010
    Messages:
    1,159
    Likes Received:
    1,288
    Occupation:
    Almost done :D
    Location:
    {calm|cool|collected}
    it makes sense to do it, but there will always be shitty browsers like the psp browser, etc.
     
  5. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    1,001
    Yea exactly right. So make sure you test, test again, then test some more ;)
     
  6. Grizzy

    Grizzy Senior Member

    Joined:
    Nov 11, 2008
    Messages:
    919
    Likes Received:
    1,001
    Also good idea to check each and every visitor, and confirm that they can be blanked. Can be tricky to code, but I know it can be done with a little bit of cross domain iframe communication.
     
  7. JesusBack

    JesusBack Senior Member

    Joined:
    Sep 15, 2010
    Messages:
    1,159
    Likes Received:
    1,288
    Occupation:
    Almost done :D
    Location:
    {calm|cool|collected}
    I hate doing that ... it was a nightmare to code an offsite content gateway. Oh the horrible AJAX! :eek:

    also if(isset($_SERVER["HTTP REFERER"]) die("you browser sucks dude");


    then again that's if you own the site being redirected to.
     
    Last edited: Dec 24, 2010