WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HTTP REFERER not set in Internet Explorer

From: Oleg Lecinski <oleg () ourmx com>
Date: Thu, 17 Nov 2005 14:45:35 +0300
Saqib Ali wrote:


Because of some security concerns I need the HTTP_REFERER to be set
correctly. If it is not possible, I will have to restrict my users to
a Mozilla based browser.


Even more, you will have to deal with problems from those users who
install various personal firewalls, since a lot of them (like Norton
Personal Firewall) don't allow sending HTTP_REFERER at all, IIRC. Using
it 4 years ago was ok, but my recent experience with HTTP_REFERER is
that you shouldn't use it these days unless you really have to (like
tracking which external site surfer comes from). Using it for anything
else (especially for security) is a guaranteed PITA.
Previous By Date Next
Previous By Thread Next

Current thread: