PHP $_SERVER['HTTP_REFERER'] vs. Javascript document.referrer?

Ultimately I need to know which domain one of my javascript files is in. I have read and experienced first-hand that $_SERVER['HTTP_REFERER'] is unreliable. One of the first three browsers / computers you handled didn't send HTTP_REFERER and I know it can be faked. I have implemented another solution using two javascript methods: document.referrer and window.location.href.

I use the former to get the url of the window where someone clicked on one of my links. I use the first one to find out which domain my javascript file is included in. I've tested it a bit so far and it grabs browser urls very well without hiccups. My question is, are the two JavaScript methods reliable? Will they return the url from the browser every time, or are there caveats, as with $_SERVER['HTTP_REFERER'], that I'm not running into yet?

+3




1 answer


You should always assume that any information about the referrer URI will be inaccessible (or possibly even unreliable) due to browsers or users wanting to hide this information due to privacy concerns.

In general, you will have no referrer information when linking from HTTPS to an HTTP domain. Check this question for more information on this:

https://webmasters.stackexchange.com/questions/47405/how-can-i-pass-referrer-header-from-my-https-domain-to-http-domains



About the usage of window.location.href, I would say that it is reliable in practice, but only because it is interesting that the client will provide the correct information so that the applications will behave as expected depending on it.

Just keep in mind that this is still the client side sending you some information, so it will always be up to the browser to send you something correct. You have no control over this, just trust that it will work as specified in the standard. The customer can still choose to hide it or fake it for any reason.

For example, it is possible that in some situations, such as third party scripts (also immunity reasons), the browser might just leave it blank.

+1
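An added example, not part of the original question or answer: one way a server could handle the two values discussed above, treating both the Referer header and a script-reported window.location.href as unverified hints that may be missing, malformed or in conflict. The names KNOWN_HOSTS, hostOf and classifyEmbedReport and the partner.example hosts are assumptions made for this sketch.

```javascript
// Hosts where the script is expected to be embedded (constructed sample values).
const KNOWN_HOSTS = new Set(["partner.example", "www.partner.example"]);

// Return the lowercase hostname of an http(s) URL string, or null when the
// value is absent, empty, malformed, or uses another scheme.
function hostOf(value) {
  if (typeof value !== "string" || value.trim() === "") return null;
  try {
    const u = new URL(value);
    if (u.protocol !== "http:" && u.protocol !== "https:") return null;
    return u.hostname.toLowerCase();
  } catch {
    return null; // not parseable as a URL
  }
}

// refererHeader: the HTTP Referer header as received (often absent, and
//   frequently reduced to the origin by the browser's referrer policy).
// reportedHref: window.location.href as sent by the embedded script.
// Both come from the client, so the result is a hint for analytics or
// debugging, never an input to an authorization decision.
function classifyEmbedReport(refererHeader, reportedHref) {
  const headerHost = hostOf(refererHeader);
  const scriptHost = hostOf(reportedHref);
  if (headerHost === null && scriptHost === null) {
    return { host: null, status: "unknown" }; // nothing usable was sent
  }
  if (headerHost !== null && scriptHost !== null && headerHost !== scriptHost) {
    return { host: null, status: "conflict" }; // the two sources disagree
  }
  const host = scriptHost ?? headerHost;
  const status = KNOWN_HOSTS.has(host)
    ? "known-unverified"
    : "unrecognized-unverified";
  return { host, status };
}
```
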

