Hide Referer Information using PHP and Javascript

Posted: 26 March, 2009 in Programming

Hide the browser's referer information with this small piece of PHP code, sprinkled with a little JavaScript to fix the IE back button, and learn how to implement it on your web site.

Hiding the referer prevents your web page URL from appearing in other systems' referrer logs.

This information is sent by browsers to the web server of the site you are visiting. Web servers log it to identify the pages visitors are arriving from, for statistical, promotional and security reasons.

However, because the referer is the URL of the page you were on before clicking a link, it might contain confidential information that must not be exposed. One example is a SESSION ID appended to the URL. When the user clicks an external link from that page, the SESSION ID is sent as part of the referer URL to that external site, and this is one way sessions get hijacked.

To hide the referer information, implement a redirector page, say "redir.php", and put in the HTML code below:

<html>
<head>
<!-- Escape the value so a crafted ?url= parameter cannot break out of the attribute -->
<meta http-equiv="refresh" content="0;URL=<?php echo htmlspecialchars($_GET['url'], ENT_QUOTES, 'UTF-8'); ?>" />
</head>
<body>
</body>
</html>

The code above only works in Internet Explorer (IE) and Firefox, and it breaks the IE back button. Here is a fix:

<html>
<head>
<meta http-equiv="refresh" content="0;URL=<?php echo htmlspecialchars($_GET['url'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php // Only IE 5-8 gets the script; json_encode() emits the URL as a safe JavaScript string literal
if (isset($_SERVER['HTTP_USER_AGENT']) && preg_match('/^Mozilla\/.*?\(compatible; MSIE (8|7|6|5)\..*?\)/', $_SERVER['HTTP_USER_AGENT'])) : ?>
<script type="text/javascript">
window.self.location.replace(<?php echo json_encode($_GET['url']); ?>);
</script>
<?php endif; ?>
</head>
<body>
</body>
</html>

The code now contains a condition that matches IE browsers and, when it does, inserts the JavaScript that fixes the IE back button.

On your pages, prefix the href of the external links with redir.php?url= like below (URL-encode the target so that its own query string is not mistaken for part of redir.php's):

<a href="/redir.php?url=http://www.jampmark.com">
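The snippets above accept any value for url, so the redirector can be abused as an open redirect and, unescaped, as a script injection point. Here is a hardened redir.php written as an added example (not the post's own code); it assumes that only absolute http/https targets should be accepted, optionally restricted to an assumed $allowed_hosts list, and it also sends a Referrer-Policy header so the redirector's own URL is not leaked either.

```php
<?php
// redir.php, hardened version (added example, not the post's own code).
// Assumptions: only absolute http/https targets are accepted and, optionally,
// only hosts in $allowed_hosts (an assumed list; empty means any host).
$allowed_hosts = array(); // e.g. array('www.jampmark.com')

// Return the validated target URL, or null if it must be refused.
function safe_target($raw, array $allowed_hosts)
{
    if (!is_string($raw) || $raw === '' || strlen($raw) > 2048) {
        return null;
    }
    $parts = parse_url($raw);
    // Absolute http(s) only: rejects javascript:, data:, relative and
    // protocol-relative targets, which closes the open-redirect/XSS paths.
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), array('http', 'https'), true)) {
        return null;
    }
    if ($allowed_hosts && !in_array(strtolower($parts['host']), $allowed_hosts, true)) {
        return null;
    }
    return $raw;
}
$target = safe_target(isset($_GET['url']) ? $_GET['url'] : null, $allowed_hosts);
if ($target === null) {
    header('HTTP/1.1 400 Bad Request');
    exit('Invalid redirect target');
}
// Also keep this page's own URL (which carries the target) out of the next
// request's Referer header, for browsers that honour the policy.
header('Referrer-Policy: no-referrer');
// Escape once for the HTML attribute and once for the JavaScript literal;
// json_encode() also turns "</script>" into "<\/script>".
$html_target = htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
$js_target   = json_encode($target);
$is_old_ie   = isset($_SERVER['HTTP_USER_AGENT'])
    && preg_match('/^Mozilla\/.*?\(compatible; MSIE (8|7|6|5)\..*?\)/', $_SERVER['HTTP_USER_AGENT']);
?>
<html>
<head>
<meta http-equiv="refresh" content="0;URL=<?php echo $html_target; ?>" />
<?php if ($is_old_ie) : ?>
<script type="text/javascript">window.self.location.replace(<?php echo $js_target; ?>);</script>
<?php endif; ?>
</head>
<body></body>
</html>
```

Populate $allowed_hosts with the external sites you actually link to; an empty list keeps the redirector usable for any http(s) destination, which is the behaviour of the original snippets.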

There are a number of reasons why you would hide the referer information but please use it wisely.
