Most people aren’t aware their browser opens them up for tracking. Let’s fix that.
In May 1996, a new HTTP header was added into a RFC document. Fittingly named “Referer”, originating from a common spelling error, it was a mechanism for checking which site a request originated from.
In the original proposition, it was seen as a solid method of tracking broken links; fixing website errors; and analytical purposes.
Let’s take a hypothetical example. I’ve included a link in my blog which takes you to Twitter. If you were to click this link, Twitter would open. Amazing, right?
But there’s a catch.
The request is now sent with
Referer: https://resynth1943.net/my-blog-article/, which tells Twitter you read my blog, and the article you opened Twitter from. This lays a fundamental base for user tracking. It could also be used to monitor which pages a user has browsed.
I also wrote a blog article about DuckDuckGo’s attempts to prevent search query leaks in the Referer header. Check it out!
Fast track 24 years later to 2020, and Referer is still a problem. It’s commonly being used by agencies like Google, e.g. with Google Analytics, to track a user’s browsing history on hundreds of millions of websites.
Hmm. I need to review the advice I last put up on here, to ensure it’s all correct. Apologies!