JSON - what http headers are sent from browser to external server json file

Question

Let's imagine the following situation.

I have a website mysearchengine.com and then I use search suggestions from external sites, for example eniro.no:

http://map01.eniro.no/search/search.json?q=de&index=yp_sug&profile=pl&pageSize=10&callback=C

Does eniro.no can see that their JSON is requested from website mysearchengine.com?

My issue is that I want to use some JSON resources of another (not my) server and I wonder if it is seen for them that I'm doing that?

The above is only an example, easiest I found to show my question about how JSON works.

Answer 1

Are you looking to have a user click a button on your site, and your site will make a GET request, in javascript, to another site, and then put content on your site? That's called Cross Origin Resource Sharing (CORS).

If you're controlling the javascript, you can insert additional headers into the request, and since it's the user's browser that's making the request, the site will only see that user's information, not your site's.

Besides that, the answer by Andrew M. is correct, based on the browser, there will probably be a referred header sent, and I am not sure you can get rid of it through JS.

Answer 2

Yes, in one of two main ways:

HTTP Referrer Header: http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html#z14

Direct IP address logging: If they log your IP address, they could potentially do a reverse lookup to find your web address. Alternatively, if you are under a shared IP, they may just block your IP address if you are abusing their web resources.

Note: You can choose whether to pass the referrer header or not. It is up to your server. However, there is no way to mask what computer/server requests the remote resource (yes, using a proxy they will be able to tell that the proxy's IP requested the resource, but that is beside the point).