Jump to content

Blanking The Referrer Using SSL/HTTPS

inVINCEable

By inVINCEable
in PHP Coding Help

 Share

Recommended Posts

inVINCEable Member

inVINCEable

Posted
Posted

Hey,

 

Ok, so I have a PHP application that is pretty concerned with security. Anyways, I am looking for a way to blank the referrer using PHP. I have been told it really isn't possible using PHP since all browsers behave differently. The best solution I have been told is to forward to my script, say test.php that is located on https://mydomain.com/test.php and then perform the redirect from the there and it will blank the referrer since it is using https and browsers do not/cannot forward the referrer information when the file is using SSL.

 

Can anyone confirm/deny/offer suggestions?

 

Thank you in advance.

 

 

Link to comment
https://forums.phpfreaks.com/topic/141683-blanking-the-referrer-using-sslhttps/
Share on other sites
MadTechie Regular Member

MadTechie

Posted
Posted

referrer is send via the browser.. if you site is contactinging anther site then you could use Client URL  (CURL and change the referrer to anything you like)

 

if it to redirect users then

So if you used 

<a href="http://www.google.com">google</a>

referrer is send (via your browser)

BUT using header should NOT pass a referrer (double check that)

ie

<?php
header("location: http://www.google.com");
?>

 

inVINCEable Member

inVINCEable

Posted
  • Author
Posted

Ok,

 

Sweet! Looks like header() doesn't send a referrer! That is pretty neat... so it is my understanding that people won't be able to tell where traffic is coming from when using header() to redirect them to their site, so they won't be able to tell people are coming from my site?

 

 

MadTechie Regular Member

MadTechie

Posted
Posted

referrer isn't much good really but the logs on the site to are re-directing people to will appear as if they the people entred the site directly (via the address bar)

 

NOTE: I have not done my own testing on this (so i am not 100% sure) but it should be as described, of course if someone tell them they was directed from your site then theirs not much you can do lol

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.