PHP - $_SERVER["HTTP_REFERER"];

Question

I am trying to build an application and I need to check the referrer URL which redirects to this page, the refered paged will not show... It works when it is a button but when the page otherwise redirects from another page, it remains blank. How can I do this??

Answer 1

It will/may be empty:

• when the end-user entered the site URL in browser address bar itself.
• visited the site by a browser-maintained bookmark.
• visited the site as first page in the window/tab.
• switched from a https URL to a http URL.
• switched from a https URL to a different https URL.
• has security software installed (antivirus/firewall/etc) which strips the referrer from all requests.
• is behind a proxy which strips the referrer from all requests.
• visited the site programmatically (like, curl) without setting the referrer header (searchbots!) by @BalusC

Also it means, you will not always have an referrer address. So you cannot trust the referrer address at all.

For example:

There is an small exploit that everyone can easily do it:

Go to any website, and inject a form-code, send data from this site to another site, so the destiny site will receive data from the injected site and not from you.

Never trust referrer addresses. Using a SESSION will most likely be the better route to prevent cross site form submissions.

I recommend to read:

• Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet

Answer 2

You can set a cookie with value of the referrer url in the header that expires in 5 seconds then Fetch it in the new script and redirect back to the referrer

Like this:

$current_url= base64_encode($url); //$url should point to the current url

setcookie("referrer",$current_url,time()+5);

Now you can get the stored url in your next script using:

$referrer= base64_decode($_COOKIE['referrer']);

And also redirect using:

header('Location: '.$referrer);