HTTP Referer - Referer Hiding

Referer Hiding

Most web servers maintain logs of all traffic, and record the HTTP referer sent by the web browser for each request. This raises a number of privacy concerns, and as a result, several systems have been developed to prevent web servers from being sent the real referring URL. These systems work either by blanking the referer field or by replacing it with inaccurate data. Generally, Internet-security suites blank the referer data, while web-based servers replace it with a false URL, usually their own. This, of course, raises the problem of referer spam. The technical details of both methods are fairly consistent: software applications act as a proxy server and manipulate the HTTP request, while web-based methods load websites within frames, causing the web browser to send a referer URL of their website address. Some web browsers give their users the option to turn off referer fields in the request header.

Most web browsers do not send the referer field when they are instructed to redirect using the "Refresh" field. This does not include some versions of Opera and many mobile web browsers. However, this method of redirection is discouraged by the World Wide Web Consortium (W3C).

If a website is accessed from an HTTP Secure (HTTPS) connection and a link points to anywhere except another secure location, then the referer field is not sent.

The upcoming standard HTML5 will support the attribute/value rel="noreferrer" in order to instruct the user agent not to send a referer.
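
The rules in this section, modelled as an added JavaScript example that is not part of the original article: the function returns the Referer value a server would log for one navigation. The function name, the option fields and the example.* URLs are assumptions made for illustration.

```javascript
// Added example: models the Referer rules described in this section.
// refererSeenByServer and its option fields are hypothetical names.

// Returns the Referer value the target server would log, or null if none is sent.
function refererSeenByServer(nav) {
  const {
    from,               // URL of the page the user is leaving
    to,                 // URL being requested
    rel = "",           // rel attribute of the link, if any
    via = "link",       // "link", or "refresh" for a Refresh-field redirect
    hiding = "none",    // "none", "blank" (filtering proxy) or "replace" (framing service)
    serviceUrl = null,  // the framing service's own address, used by "replace"
  } = nav;

  // A local filtering proxy blanks the field whatever the browser put in it.
  if (hiding === "blank") return null;

  // A web-based service loads the target inside its own frame, so the
  // browser treats the service's page as the referring document.
  const src = new URL(hiding === "replace" ? serviceUrl : from);
  const dst = new URL(to);

  // rel="noreferrer" instructs the user agent not to send a referer.
  if (rel.toLowerCase().split(/\s+/).includes("noreferrer")) return null;

  // Most browsers omit the field on Refresh redirects (the text notes exceptions).
  if (via === "refresh") return null;

  // Secure page linking to anything except another secure location: not sent.
  if (src.protocol === "https:" && dst.protocol !== "https:") return null;

  // Otherwise the referring URL is sent, without fragment or credentials.
  src.hash = "";
  src.username = "";
  src.password = "";
  return src.href;
}

// Constructed sample navigation: the query string of the private page leaks.
console.log(refererSeenByServer({
  from: "https://intranet.example/report?id=7#totals",
  to: "https://partner.example/",
}));
```

Running the same navigation with `rel: "noreferrer"`, `hiding: "blank"` or an `http:` target returns `null`, which is what the receiving server's log would show as an empty referer.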
