
The "Referer"

Every HTTP transaction includes a "referer" header that indicates the document that referred the current URL to the server. Yes, the term referer is misspelled: a spelling error was made in an early version of the HTTP standard, and it has stuck with us for reasons of backward compatibility. The referer header is very useful for tracking connections between documents and analyzing 404 errors, among other purposes.

One thing to understand about the referer header is that it can be easily forged. A common use for the referer header is to analyze inbound hyperlinks to a Web page or site. A PHP program that programmatically sets the referer field and then requests a document from a given website (A) can make that site think that a link was created from (B) to (A), even when no such link exists.

Suppose that a user of a website follows this hyperlink:

<A href="">Status</A>

from within a Web page located at the URL

The user's client, the Web browser, will then send back to the Web server located at the following HTTP transaction:

GET /status.php HTTP/1.1

When you are programming with PHP, the $_SERVER variable gives access to the referer value as shown next:

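// The header is supplied by the client: it may be absent or forged, so default to '' and treat it as untrusted.
$referer = $_SERVER['HTTP_REFERER'] ?? '';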
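
Because the referer is supplied by the client and easily forged, code that reads it for inbound-link analysis should handle it as untrusted, optional input. The following is an added example, not code from the original text; the function name classifyReferer, the $ownHost parameter and the sample hostnames are assumptions made for illustration.

```php
<?php
// Added example: treat the Referer value as untrusted, optional client input.
// classifyReferer() and $ownHost are hypothetical names chosen for this sketch.

function classifyReferer(array $server, string $ownHost): array
{
    // The header may be missing entirely (typed URL, bookmark, privacy settings).
    if (!isset($server['HTTP_REFERER']) || $server['HTTP_REFERER'] === '') {
        return ['status' => 'absent', 'host' => null, 'log' => '-'];
    }
    $raw = (string) $server['HTTP_REFERER'];

    // Neutralise control characters (CR/LF would split a log line) and cap the
    // length before the value goes anywhere near a log file or report.
    $log = substr(preg_replace('/[\x00-\x1F\x7F]/', '?', $raw), 0, 512);

    // Accept only absolute http(s) URLs with a host; everything else is malformed.
    $parts = parse_url($raw);
    $scheme = is_array($parts) && isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        return ['status' => 'malformed', 'host' => null, 'log' => $log];
    }

    $host = strtolower($parts['host']);
    // "internal"/"external" describe only what the client claimed. Neither
    // proves that a link exists, and neither may be used for access control.
    $status = ($host === strtolower($ownHost)) ? 'claimed-internal' : 'claimed-external';
    return ['status' => $status, 'host' => $host, 'log' => $log];
}

// Constructed sample requests (not captured traffic).
$samples = [
    [],                                                        // header not sent
    ['HTTP_REFERER' => 'https://www.example.com/index.php'],   // claims same site
    ['HTTP_REFERER' => 'https://partner.example.net/links.html'], // claims other site
    ['HTTP_REFERER' => "https://a.example/\r\nfake log line"], // embedded CR/LF
    ['HTTP_REFERER' => 'ftp://files.example.org/'],            // unexpected scheme
];
foreach ($samples as $server) {
    $r = classifyReferer($server, 'www.example.com');
    printf("%-16s %-22s %s\n", $r['status'], $r['host'] ?? '-', $r['log']);
}
// When the value is shown in an HTML report, escape it at output time:
// echo htmlspecialchars($r['log'], ENT_QUOTES, 'UTF-8');
```

A forged value passes through this function exactly like a genuine one, which is why the result is labelled "claimed" and is suitable only for statistics, not for trust decisions.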
