how to block or remove http_referer header?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
User avatar
Leafgreen
Forum Newbie
Posts: 3
Joined: Tue Mar 11, 2008 7:30 am

how to block or remove http_referer header?

Post by Leafgreen »

Hi! After my site users click on a link on my site, can I block or remove the http_referer header information sent to the destination site? :?: Many users are asking to remain anonymous. I tell them that some browsers such as Firefox can be config'ed to not pass the http_referer header (and other environment variables), but most don't use FF, or they aren't technical enough. :roll:

Anyway, is there a way I can do it with my website?
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: how to block or remove http_referer header?

Post by Mordred »

No this is a client-side header. If some users are "asking to remain anonymous", but are not willing to learn to use the software that would help make them so, the only solution is reprogramming them with a large axe ;)

Opera -> F12 -> Enable referrer logging

It doesn't get easier than that.
Unless you count the axe solution :)
User avatar
Leafgreen
Forum Newbie
Posts: 3
Joined: Tue Mar 11, 2008 7:30 am

Re: how to block or remove http_referer header?

Post by Leafgreen »

Asking users to install a different browser is not realistic, but thanks anyway.
User avatar
Mordred
DevNet Resident
Posts: 1579
Joined: Sun Sep 03, 2006 5:19 am
Location: Sofia, Bulgaria

Re: how to block or remove http_referer header?

Post by Mordred »

Then there is but one option remaining...
Image
User avatar
Leafgreen
Forum Newbie
Posts: 3
Joined: Tue Mar 11, 2008 7:30 am

Re: how to block or remove http_referer header?

Post by Leafgreen »

no, here's another way!
Image
Post Reply