In what cases will HTTP_REFERER be empty

by

It will/may be empty when the enduser

  • entered the site URL in browser address bar itself.
  • visited the site by a browser-maintained bookmark.
  • visited the site as first page in the window/tab.
  • clicked a link in an external application.
  • switched from a https URL to a http URL.
  • switched from a https URL to a different https URL.
  • has security software installed (antivirus/firewall/etc) which strips the referrer from all requests.
  • is behind a proxy which strips the referrer from all requests.
  • visited the site programmatically (like, curl) without setting the referrer header (searchbots!).

More Related Contents:

  1. Disable cross domain web security in Firefox
  2. Is HTTP header Referer sent when going to a http page from a https page?
  3. Difference between CSRF and X-CSRF-Token
  4. Difference between Hashing a Password and Encrypting it
  5. Salt Generation and open source software
  6. Is “double hashing” a password less secure than just hashing it once?
  7. Practical non-image based CAPTCHA approaches?
  8. The necessity of hiding the salt for a hash
  9. Remove Server Response Header IIS7
  10. Classic ASP SQL Injection Protection
  11. Is it safe to enable CORS to * for a public and readonly webservice?
  12. Password hashing, salt and storage of hashed values
  13. How are software license keys generated?
  14. Preventing Brute Force Logins on Websites
  15. Are Google Cloud Functions protected from DDoS attacks?
  16. Does HTML5 allow you to interact with local client files from within a browser
  17. Docker and securing passwords
  18. OAuth2 and Google API: access token expiration time?
  19. What is the best Distributed Brute Force countermeasure? [closed]
  20. How to remove ASP.Net MVC Default HTTP Headers?
  21. https URL with token parameter : how secure is it?
  22. SSL Error: unable to get local issuer certificate
  23. curl – Is data encrypted when using the –insecure option?
  24. How to redirect all HTTP requests to HTTPS using .htaccess rules?
  25. How to pass the value of a variable to the standard input of a command?
  26. Keygen tag in HTML5
  27. Remember me Cookie best practice?
  28. buffer overflow example from Art of Exploitation book
  29. Am I under risk of CSRF attacks in a POST form that doesn’t require the user to be logged in?
  30. Understanding CSRF

Leave a Comment