$_SERVER['HTTP_REFERER'] missing

Question

I want to use $_SERVER['HTTP_REFERER'] in my site but i get the following:

Notice: Undefined index: HTTP_REFERER 

I have tried printing $_SERVER. This outputs the following:

Array
(
    [HTTP_HOST] => 192.168.1.10
    [HTTP_USER_AGENT] => Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    [HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_CONNECTION] => keep-alive
    [PATH] => /sbin:/usr/sbin:/bin:/usr/bin
    [SERVER_SIGNATURE] => Apache/2.2.3 (CentOS) Server at 192.168.1.10 Port 80
    [SERVER_SOFTWARE] => Apache/2.2.3 (CentOS)
    [SERVER_NAME] => 192.168.1.10
    [SERVER_ADDR] => 192.168.1.10
    [SERVER_PORT] => 80
    [REMOTE_ADDR] => 192.168.1.77
    [DOCUMENT_ROOT] => /var/www/html
    [SERVER_ADMIN] => root@localhost
    [SCRIPT_FILENAME] => /var/www/html/sandeep/test/hash.php
    [REMOTE_PORT] => 53851
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_PROTOCOL] => HTTP/1.1
    [REQUEST_METHOD] => GET
    [QUERY_STRING] => 
    [REQUEST_URI] => /sandeep/test/hash.php
    [SCRIPT_NAME] => /sandeep/test/hash.php
    [PHP_SELF] => /sandeep/test/hash.php
    [REQUEST_TIME] => 1347365919
)

Can anyone help me to find HTTP_REFERER or suggest an alternative to HTTP_REFERER?

Answer 1

SOLUTION

As stated by others very well, HTTP_REFERER is set by the local machine of the user, specifically the browser, which means it's not reliable for security. However, this still is entirely the way in which Google Analytics monitors where you're getting your visitors from, so, it can actually be useful to check, exclude, include, etc..

If you think you should see an HTTP_REFERER and do not, add this to your PHP code, preferably at the top:

ini_set('session.referer_check', 'TRUE');

A more appropriate long-term solution, of course, is to actually update your php.ini or equivalent file. This is a nice and quick way of verifying, though.

TESTING

Run print($_SERVER['HTTP_REFERER']); on your site, go to google.com, inspect some text, edit it to be <a href="https://example.com">LINK!</a>, apply the change, then click the link. If it works, all is well and running precisely!

But maybe $_SERVER is wrong, or the test above says it's broken. Update your page with this, and then test again...

<script type="text/javascript">
    console.log("REFER!" + document.referrer + "|" + location.referrer + "|");
</script>

USES

I use HTTP REFERER to block spam sites in GoogleAnalytics. Below is a graph focusing on one particular website's referrals. From 0 to 44 in one day, it wasn't caused by real users. It was caused by a botted site trying to get my attention to buy their services. But it just started because php.ini was updated to ignore the referer, which meant these spam, junk garbage sites were not getting their appropriate ERROR 403, "Access Denied."

Answer 2

You can and should never assume that $_SERVER['HTTP_REFERER'] will be present.

If you control the previous page, you can pass the URL as a parameter "site.com/page2.php?prevUrl=".urlencode("site.com/page1.php").

If you don't control the page, then there is nothing you can do.

Answer 3

When a web browser moves from one website to another and between pages of a website, it can optionally pass the URL it came from. This is called the HTTP_REFERER, So if you don't redirect from one page to another it might be missing

If the HTTP_REFERER has been set then it will be displayed. If it is not then you won't see anything. If it's not set and you have error reporting set to show notices, you'll see an error like this instead:

 Notice: Undefined index: HTTP_REFERER in /path/to/filename.php

To prevent this error when notices are on (I always develop with notices on), you can do this:

  if(isset($_SERVER['HTTP_REFERER'])) {
      echo $_SERVER['HTTP_REFERER'];
   }

OR

 echo isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

It can be useful to use the HTTP_REFERER variable for logging etc purposes using the $_SERVER['HTTP_REFERER'] superglobal variable. However it is important to know it's not always set so if you program with notices on then you'll need to allow for this in your code

Answer 4

function redirectHome($theMsg, $url = null, $seconds = 3) {
    if ($url === null) {
        $url  = 'index.php';
        $link = 'Homepage';
    } else {
        if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] !== '') {
            $url = $_SERVER['HTTP_REFERER'];
            $link = 'Previous Page';
        } else {
            $url = 'index.php';
            $link = 'Homepage';
        }
    }
    echo $theMsg;
    echo "<div class='alert alert-info'>You Will Be Redirected to $link After $seconds Seconds.</div>";
    header("refresh:$seconds;url=$url");
    exit();
}

Answer 5

Referer is not a compulsory header. It may or may not be there or could be modified/fictitious. Rely on it at your own risk. Anyways, you should wrap your call so you do not get an undefined index error:

$server = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";

Answer 6

From the documentation:

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

http://php.net/manual/en/reserved.variables.server.php