I know it's possible to get an empty HTTP_REFERER. Under what circumstances does this happen? If I get an empty one, does it always mean that the user changed it? Is getting an empty one the same as getting a null one? and under what circumstances do I get that too?
ベストアンサー1
It will/may be empty or partial when the enduser
- entered the site URL in browser address bar itself.
- visited the site by a browser-maintained bookmark.
- visited the site as first page in a new window/tab/session, in some browsers.
- clicked a link on a page having restrictive
<meta name="referrer">
tag. - clicked a link on a page having restrictive
Referrer-Policy
header. - clicked a link having
rel="noreferrer"
. - clicked a link in an external application (i.e. not a webbrowser, e.g. Flash).
- switched from a https URL to a http URL.
- has security software installed (antivirus/firewall/etc) which strips the referrer from all requests.
- is behind a proxy which strips the referrer from all requests.
- visited the site programmatically (like, curl) without setting the referrer header (bots!).