We help IT Professionals succeed at work.

HIde HTTP_REFERER

LikeLearn
LikeLearn asked
on
I have dynamically created page (url/firstpage.php
) with link to second page (url/firstpage.php).
when i am echo $HTTP_REFERER from second page i am get (url/firstpage.php). How i can hide $HTTP_REFERER from second page.



Comment
Watch Question

Commented:
Whats the question?

Commented:
Browsers will always send the referer, if they support it (which most popular browsers do).

There is no way to hide what page the link was on that led the browser to the second page.

Commented:
What's the problem ?
Don't echo it :)
You can do this:

unset($HTTP_REFERER);

Author

Commented:
I can't do anything in second script.
I need solve this problem by modifying only first
you see, LikeLearn, the HTTP_REFERER variable is *not* sent by PHP, instead, it is sent by the browser (see jlatour's comment).

Author

Commented:
Can i simulate browser from first script?
And post different HTTP_REFERER
Yes you can... let's say file1.html calls script2.php, well instead of calling it like this: <A HREF="script2.php">, you call it like this:

<A HREF="script2.php?HTTP_REFERER=">

that way, $HTTP_REFERER won't contain anything

or, <A HREF="script2.php?HTTP_REFERER=Hello">

$HTTP_REFERER will now contain Hello

Commented:
explain why you don't want to have the http_referer into the second script

Author

Commented:
to: Dragon Slayer
I try your advice and it's doesn't work
HTTP_REFERER always contains script1.php not "Hello"

Commented:
same idea

page1.php
<A HREF="script2.php?ref=hello">Test</a>

page2.php
<?
if (isset($ref))
{   $HTTP_REFERER = $ref;
    print $HTTP_REFERER;
}
?>

Commented:
Like I said before, the browser sends the Referer header, and there is nothing you can do about it (if PHP is configured correctly, the Referer header will override any HTTP_REFERER variable passed on in the GET request).

You can change it, but only if the script itself is being used as a browser, by just not sending the header (I think fopen in combination by HTTP doesn't send it), but when you want the browser to do it (i.e. by using an <A HREF="">) there's no way to prevent it.

Sorry.

Commented:
No comment has been added lately, so it's time to clean up this TA.
I will leave the following recommendation for this question in the Cleanup topic area:

Accept: jlatour

Please leave any comments here within the next four days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!

aolXFT
EE Cleanup Volunteer

Explore More ContentExplore courses, solutions, and other research materials related to this topic.