[thelist] Referer Headers
Jason Handby
jason_handby at illustraresearch.com
Fri Jul 16 05:38:32 CDT 2004
Hi John,
> I have a few intranet pages here which link to some
> competitors websites, and I don't really want them to be able
> to see the referer headers in their log files, as they give
> away all sorts in internal information which for security
> reasons I don't want other people to see (the scripting
> language used, internal IP addresses, etc). Is there any way
> to ask a browser not to supply a referer header?
I'm pretty sure you don't get a referer header if you use a server-side
redirect (e.g. Response.Redirect in ASP), or if you use client-side
javascript to navigate to the page. I think browsers only send a referer
header when you click on a conventional link. I don't know if there's a
standard for this though.
In your position, I would try building a gateway page on your site, passing
the URL you want as a querystring parameter to that gateway page, and then
doing a server-side redirect from your gateway page to the URL in the
querystring.
Or you could try using client-side javascript to do the redirect:
<a href="javascript:window.location =
'http://www.competitor.com/linkpage.aspx'">click</a>
but then there are lots of reasons (accessibility, compatibility...) why you
might not want to use Javascript to do this.
Jason
More information about the thelist
mailing list