Blank Referer

The HTTP referer (originally a misspelling of referrer) is an HTTP header field that identifies the address of the web page that sent the visitor to the target website. By checking the referer, the target web page can see where the request originated.

A blank referer, or null referer, is a kind of referer spoofing, which is described as sending invalid referer information in an HTTP request in order to prevent a website from obtaining accurate data on the identity of the web page previously visited by the user.

To set up the test, make two files.
- page1.php – has a link on it to page2.php
- page2.php – uses any one, or a combination, of the methods below to hide the referer of your site.
- ref.php – just displays the referer.

You can achieve the desired results using a combination of these methods.

Tested on Windows 7

Browsers Tested
Internet Explorer 8.0.7600
Firefox 3.6.6
Opera 10.60 Build 3445
Google Chrome
Safari 5.33.16.0 – Not related to the study but I noticed Safari is very slow compared to the other browsers

Possible test results: shows referrer (page2.php), blank referrer, doesn’t work
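
The page lists ref.php but does not show it. The following is an added example, not the author's script, of a ref.php that reports which of the outcomes above a request produced. It assumes page1.php and page2.php are served from the same host as ref.php; the function name classify_referer is hypothetical.

```php
<?php
// ref.php (added example): report what Referer, if any, arrived with this request.
// Assumption: page1.php and page2.php live on the same host as this script.

/**
 * Classify a raw Referer header value into the outcomes the tests record.
 * classify_referer is a hypothetical helper name, not from the original page.
 */
function classify_referer(?string $referer, string $testHost): string
{
    if ($referer === null || trim($referer) === '') {
        return 'blank';
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['host'])) {
        return 'malformed';   // the header is client-supplied and may be anything
    }
    if (strcasecmp($parts['host'], $testHost) !== 0) {
        return 'shows (other site)';
    }
    $page = basename($parts['path'] ?? '');
    if ($page === 'page2.php') {
        return 'shows (page2.php)';
    }
    if ($page === 'page1.php') {
        return 'shows (page1.php, referrer preserved through the redirect)';
    }
    return 'shows (same site, other page)';
}

$referer = $_SERVER['HTTP_REFERER'] ?? null;
// HTTP_HOST may carry a port; parse_url() reports the host without it.
$host    = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'] ?? 'localhost');
$result  = classify_referer($referer, $host);

// The Referer value is controlled by the client: escape it before echoing into HTML.
header('Content-Type: text/html; charset=utf-8');
echo '<p>Result: ' . htmlspecialchars($result, ENT_QUOTES, 'UTF-8') . '</p>';
echo '<p>Raw Referer: '
   . htmlspecialchars($referer ?? '(none sent)', ENT_QUOTES, 'UTF-8')
   . '</p>';
```

The "doesn't work" outcome never reaches this script, because in that case the browser does not issue the request at all.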

Manually click a link <a href="http://tekkiram.com/ref.php">Click Me</a>

IE: shows
FF: shows
O: shows
C: shows
S: shows
 
Meta refresh <meta http-equiv="refresh" content="0;url=http://tekkiram.com/ref.php">

IE: blank
FF: blank
O: shows
C: shows
S: shows
 
Slow meta refresh <meta http-equiv="refresh" content="5; URL=http://tekkiram.com/ref.php">

IE: blank
FF: blank
O: shows
C: shows
S: shows

DMR – Double Meta Refresh
Page 1 – <meta http-equiv="refresh" content="0;url=page2.php">
Page 2 – <meta http-equiv="refresh" content="0;url=http://tekkiram.com/ref.php">

IE: blank
FF: blank
O: shows
C: shows
S: shows

PHP Header Replace
header('Location: http://tekkiram.com/ref.php');

IE: blank/shows*
FF: blank/shows*
O: blank/shows*
C: blank/shows*
S: blank/shows*

*Warning: this only works when the redirect page (page2.php) is navigated to directly; otherwise ref.php shows the page that linked to the redirect page (page1.php). Basically, the redirect passes on exactly the referrer it received. If the referrer it received is blank, it passes blank; if there was a referrer, it preserves that referrer.

Javascript Location Replace
<head>
<script language="javascript"><!--
location.replace("http://tekkiram.com/ref.php")
//-->
</script>
</head>

IE: blank
FF: shows
O: shows
C: shows
S: shows
 
Javascript Automatic Form Submit
<head>
</head>
<body>
<form name="myform" action="http://tekkiram.com/ref.php" method="get"></form>
<script language="javascript"><!--
document.myform.submit()
//-->
</script>
</body>

IE: shows
FF: shows
O: shows
C: shows
S: shows

Javascript Automatic Link Click
<body onload="javascript:document.links[0].click();">
<a href="http://tekkiram.com/ref.php"></a>

IE: shows
FF: doesn’t work
O: doesn’t work
C: doesn’t work
S: doesn’t work

Javascript Window Location Redirect
<script type="text/javascript"> window.location = "http://tekkiram.com/ref.php" </script>

IE: blank
FF: shows
O: shows
C: shows
S: shows

Site in iFrame
<iframe src="http://tekkiram.com/ref.php" width="100%" height="100%" frameborder="0" scrolling="0">
  <p>Your browser does not support iframes.</p>
</iframe>

IE: shows
FF: shows
O: shows
C: shows
S: shows

Anonym.to
http://anonym.to/?http://tekkiram.com/ref.php

IE: blank
FF: blank
O: shows referrer
C: shows referrer
S: shows referrer

Referer.us
http://referer.us/http://tekkiram.com/ref.php

IE: blank
FF: blank
O: blank
C: blank
S: blank

Javascript Parent Location
<iframe src="javascript:parent.location='http://tekkiram.com/ref.php'" style="visibility:hidden"></iframe>

IE: blank
FF: shows
O: blank
C: blank
S: blank

iFrame Parent Post
<script>
  function go(){
    window.frames[0].document.body.innerHTML='<form target="_parent" action="http://tekkiram.com/ref.php"></form>';
    window.frames[0].document.forms[0].submit()
  }
</script>
<iframe onload="window.setTimeout('go()', 99)" src="about:blank" style="visibility:hidden"></iframe>

IE: blank
FF: blank
O: blank
C: blank
S: blank
