WebApp Sec mailing list archives

RE: HTTP REFERER not set in Internet Explorer


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Wed, 16 Nov 2005 19:43:53 -0500

One thing to keep in mind.  Some client-side privacy software blocks HTTP
referers.  Therefore there might be other situations where you'll see blank
referers.

Richard 

-----Original Message-----
From: Saqib Ali [mailto:docbook.xml () gmail com] 
Sent: Wednesday, November 16, 2005 11:17 AM
To: webappsec () securityfocus com
Subject: HTTP REFERER not set in Internet Explorer

Hello,

I am writing a secure application that tracks users on a website by use of
HTTP_REFERER. But it seems like Internet Explorer is not properly populating this
field.

Visit the following website using IE and Firefox.
http://www.xml-dev.com/blog/referer_test.php

And click on the Link that says "Click Here"

With Firefox, the correct HTTP_REFERER will be displayed after you click the
link. But with I.E. the HTTP_REFERER is set to blank.

Has anyone run into this issue? How did you make your application compatible
with both I.E and Mozilla based browsers?

Because of some security concerns I need the HTTP_REFERER to be set
correctly. If it is not possible, I will have to restrict my users to a
Mozilla based browser.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
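
Added example, not part of either message in this thread: a Python sketch that classifies the HTTP_REFERER value of CGI/WSGI-style request environments and tallies the result per client, so the blank-referer cases described above show up as their own category instead of as failures. The function names, the abbreviated User-Agent labels, example.org and the sample requests are constructed for illustration; only www.xml-dev.com and the test page URL come from the thread.

```python
from collections import Counter
from urllib.parse import urlsplit

ABSENT, SAME_SITE, CROSS_SITE, MALFORMED = "absent", "same-site", "cross-site", "malformed"


def classify_referer(environ, trusted_hosts):
    """Classify the Referer of one CGI/WSGI request environment.

    The header is supplied by the client, so SAME_SITE is a hint, not proof,
    and ABSENT says nothing about where the visitor came from.
    """
    raw = environ.get("HTTP_REFERER", "").strip()
    if not raw:
        return ABSENT
    try:
        parts = urlsplit(raw)
        host = parts.hostname  # already lower-cased by urllib
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return MALFORMED
    if parts.scheme not in ("http", "https") or not host:
        return MALFORMED
    # Exact host match: "www.xml-dev.com.example.org" must not count as trusted.
    return SAME_SITE if host in trusted_hosts else CROSS_SITE


def tally_by_client(requests, trusted_hosts):
    """Count Referer classes per User-Agent to show which clients omit it."""
    counts = Counter()
    for env in requests:
        agent = env.get("HTTP_USER_AGENT", "(none)")
        counts[(agent, classify_referer(env, trusted_hosts))] += 1
    return counts


# Constructed sample requests (not captured traffic); agent labels abbreviated.
TRUSTED = {"www.xml-dev.com"}
SAMPLE = [
    {"HTTP_USER_AGENT": "Firefox", "HTTP_REFERER": "http://www.xml-dev.com/blog/referer_test.php"},
    {"HTTP_USER_AGENT": "MSIE", "HTTP_REFERER": ""},
    {"HTTP_USER_AGENT": "MSIE"},  # header removed, e.g. by privacy software
    {"HTTP_USER_AGENT": "Firefox", "HTTP_REFERER": "http://example.org/links.html"},
    {"HTTP_USER_AGENT": "Firefox", "HTTP_REFERER": "javascript:void(0)"},
]

if __name__ == "__main__":
    for (agent, kind), n in sorted(tally_by_client(SAMPLE, TRUSTED).items()):
        print(f"{agent:8} {kind:10} {n}")
```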

