Re: HTTP REFERER not set in Internet Explorer

["Dean H. Saxe" <dean () fullfrontalnerdity com>]

IIRC, the Referer header is not required by HTTP/1.1.  Never count on  
it being there.  If you are dependent on it for security, remember it  
is easily spoofed.

-dhs

Dean H. Saxe, CEH
dean () fullfrontalnerdity com
"I have always strenuously supported the right of every man to his  
own opinion, however different that opinion might be to mine. He who  
denies another this right makes a slave of himself to his present  
opinion, because he precludes himself the right of changing it."
    -- Thomas Paine, 1783



On Nov 16, 2005, at 11:16 AM, Saqib Ali wrote:

> Hello,
>
> I am writing a secure application that tracks users on a website by
> use of HTTP_REFERER. But see like Internet Explorer is not properly
> populating this field.
>
> Visit the following website using IE and Firefox.
> http://www.xml-dev.com/blog/referer_test.php
>
> And click on the Link that says "Click Here"
>
> With Firefox, the correct HTTP_REFERER will be displayed after you
> click the link. But with I.E. the HTTP_REFERER is set to blank.
>
> Has anyone ran into this issue? How did you make your application
> compatible with both I.E and Mozilla based browsers?
>
> Because of some security concerns I need the HTTP_REFERER to be set
> correctly. If it is not possible, I will have to restrict my users to
> a Mozilla based browser.
>
> --
> In Peace,
> Saqib Ali
> http://www.xml-dev.com/blog/
> Consensus is good, but informed dictatorship is better.