The Referer Problem


Most people aren’t aware their browser opens them up for tracking. Let’s fix that.

In May 1996, a new HTTP header was added to an RFC document. Fittingly named “Referer”, a name originating from a common spelling error, it was a mechanism for checking which site a request originated from.

In the original proposal, it was seen as a solid way to track broken links, fix website errors, and support analytics.

Let’s take a hypothetical example. I’ve included a link in my blog which takes you to Twitter. If you were to click this link, Twitter would open. Amazing, right?

But there’s a catch.

The request is now sent with the header Referer: https://resynth1943.net/my-blog-article/, which tells Twitter that you read my blog and which article you opened Twitter from. This lays the foundation for user tracking. It could also be used to monitor which pages a user has browsed.

I also wrote a blog article about DuckDuckGo’s attempts to prevent search query leaks in the Referer header. Check it out!

Scary stuff!

Fast-forward 24 years to 2020, and Referer is still a problem. It’s commonly used by agencies like Google (for example, with Google Analytics) to track a user’s browsing history on hundreds of millions of websites.


Hmm. I need to review the advice I last put up on here, to ensure it’s all correct. Apologies!
