← Back to Topics

Referer Header Reliability

Discussions center on the HTTP Referer header's unreliability due to modern browser privacy features that suppress, fake, or omit it, with advice against relying on it for web functionality.

📉 Falling 0.4x Web Development
2,091
Comments
20
Years Active
5
Top Authors
#1357
Topic ID

Activity Over Time

2007
3
2008
12
2009
59
2010
95
2011
137
2012
167
2013
164
2014
125
2015
114
2016
132
2017
91
2018
165
2019
149
2020
78
2021
191
2022
122
2023
130
2024
65
2025
80
2026
12

Top Contributors

mike-cardwell (17) account42 (12) userbinator (9) Smerity (9) bscphil (8)

Keywords

lobste.rs brave.com mozilla.org site.com IMO HN JWZ reddit.com network.http google.com header browsers browser send headers sites visits redirect sent site

Sample Comments

ben0x539 Aug 3, 2012 View on HN

Referrer header considered harmful yet? :-)

still_grokking Nov 28, 2021 View on HN

Modern browsers suppress the referrer. Relying on it for functionality is not a good idea.

bouncycastle Dec 14, 2019 View on HN

How about referring from a https site? AFAIK, browsers don't send a referrer from s https site.

account42 Mar 10, 2021 View on HN

Browsers are not guaranteed to send Referer headers and some choose not to (or send fake ones) due to the privacy implications.

stesch May 18, 2013 View on HN

Please stop relying on the Referer header. It can be forged and is often enough removed completely for privacy reasons.

z3t4 Mar 3, 2019 View on HN

Hmm. I thought browsers stopped giving out referrer years ago ... !?

geraldhh Mar 20, 2024 View on HN

browsers started to limit referrer info a few years ago, this might be a workaround.

someweirdperson Dec 12, 2022 View on HN

Does anyone not have their referer header supressed or faked?

vog May 12, 2016 View on HN

Do you have a privacy browser extension which suppresses the Referer header? (which is really all this workaround is about)

awqrre Nov 22, 2016 View on HN

That doesn't work when your browser doesn't send referers...