There is a great thread on here about 'faking' and 'blanking' the referrer. READ THREAD HERE. In fact there are a lot of great threads here on techniques to use with the referrer from DMR, to nested frames, . . and the list goes on. However, I feel like a lot of people here have no idea how to check a referrer on the fly. Why would YOU want to learn this? -To check other's claims about a method they swear 'doesn't leak' -To see if the software/script you stole that is 3 years old, really still works. -To check wild configurations that you are uncertain about -To spy on a competitor and see what he is actually passing to the sponsor or site as his referrer. -A shitload of other reasons i'm not going to post. . its endless. Method 1 - HTTP fox Http fox is a FF add on (yes it works with ff 9.0). Download it here. Once installed goto your add on manager. Check box 'always open in new window' (you don't have to do this, however i find it a lot easier to actually see the headers as they fly by with a new window full screen). Goto the bottom right corner and find the 'http fox' button. Click it to open HTTP fox in a new window. Now that its open it looks like this: Go back to your original FF window and visit google. Enter 'Buy Tools' and hit enter. You should get results like this : Go to the HTTP fox window Click clear to clear any headers there, and then click start. Go back to the SERPS and click on an ad. I used Lowe's (if your not from the states your going to get different results. . doesn't matter its just an example). Now go back to your HTTP fox window. Use the scroll bar to scroll back up to the top. It should look like this: Click on the first result. When you do it will open the header info. in the bottom section. Use the up and down arrows to go up and down each different request. In this example I am going to inspect the second GET (request). In this case i'm going to examine what referrer lowe's gets when that google sends them a paid link. We can see a lot of great information here. I can see in the top portion that i'm looking at the get request that is a 302 redirect to lowes. In the bottom section there is a lot more goodies. Here we can see the referrer is a massive google link that is unique each time (i hate them for this). We can also see the user agent info that was passed (firefox in this case). Also we can see the request line was to GET an interior redirect link, and the 'host' is some interior redirecting system. If you go down to the next header packet, you will see that the host is lowes, and from here on out . . its all communications with the lowes page. In this example i can tell for sure that google passed that wild insanely long redirect link as the referrer to lowes. The point of this is to get you acquainted with the http header and what the raw packet actually is sending. Now you can use this to check any of your pages and see what referrer you are actually passing along. THIS IS IMPORTANT because a lot of people say a lot of shit that isn't true. Now you can check for yourself, well at least on firefox. . . which leads to How do we check this on all other browsers one might use. That is a great question. To do that I use wireshark. Its a freeware, download it here Wireshark is a lot more advanced and measures every imaginable packet that goes across your computer and network, Its crazy, and to be honest I really don't understand most of it, its over my head. Install the software then open it up. It should look like this. . IN THIS EXAMPLE WE ARE ONLY USING IT TO SNIFF GET REQUESTS ON YOUR MACHINE. This is highly simplified, so just follow along. Click on Capture in the nav bar. Select Capture filters. Click New. Now select the filter string and enter the following code: port 80 and tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 Label the name 'GET request' It should look like this: Click ok. . Now go back to Capture in the nav. bar. and select 'Options'. Click the right drop down on the interface option and select 'Microsoft / blahblahb' or whatever you have for your computer. Now click the button Capture Filter, it will open a pop up box. Select your newly created 'GET request' filter we just made. It should look like this: Click start. Now you will see a big blank area that is going to fill up fast, once you start browsing on any browser. Try it out by surfing around the web. Before you know it there will be a lot of packets to look at. Now at any time you can just press CTRL+R to reset and clear all packets. When you get to the point of where you want to examine a referrer, press CTRL+R, and then click the link you want to check in your browser. Then Go back to wireshark and Stop or pause the stream and you will have a much more manageable list of packets to look at. Examine the packets as i told you earlier. HTTP headers are more or less the same, and pass the same info around in slightly different ways. Now you should have a good way to see what is actually going across your HTTP headers as you surf the net and check links. You are going to see some funny stuff, that you never knew was happening, especially as you check other browsers. The amount of requests that go to google is disturbing. Hope you enjoy the Tut. . .I don't write them a lot so excuse the long winded descriptions and any missed statemetents or mistakes.