Questions tagged [referer]

Referer is the HTTP request header field that contains the address of the webpage from where the request for a web resource originated.

Referer tells the web server the address of the web page from which the resource was requested. It is a misspelling of "referrer", but the incorrect spelling is the one used by most of the standards. Referers are generally logged by web applications for analytics. The Referer header is not present for HTTP requests where the URL is typed manually into the browser or opened from a bookmark. The HTTP Referer can easily be spoofed or suppressed by the client.

44 questions
3 votes, 1 answer

Retrieving CSRF token from third party website form using XHR (JavaScript)

I know they say CSRF tokens are the most secure way to prevent CSRF attacks, but what if someone uses XHR to retrieve the page containing the CSRF token along with the form and then uses that token for his attacks? Why don't they say the "Referer" header…
rez
3 votes, 1 answer

Why doesn't the Referer header use “same-origin” by default?

The same-origin policy is an important part of the security model, so it is "on" by default for most things, but for the Referer header it does not seem to be so. The default for browsers seems to be no-referrer-when-downgrade, which in practice is close to…
Ilya Chernomordik
3 votes, 1 answer

Is using Gravatar in a web application with "private" URLs a security issue?

In our application, there is a kind of "share" feature that sends an email to a user-provided address. This email contains a link with a secret access token (as part of the URL) that is valid for a few days. The page that this link points to…
theDmi
2 votes, 1 answer

Whitelist for HTTP request

Malicious requests can come in the form of a user agent string, referrer or cookie. To prevent being pwned by zero-day attacks such as Shellshock, I have created a whitelist of characters for the user agent string: a-zA-Z0-9,.:;?/ ~!@()+_- Is the above…
user68811
2 votes, 2 answers

What was the security vulnerability behind Box and Dropbox and what's different now?

Earlier today I received a number of comments saying that my shared links were disabled. I looked around and saw a number of articles explaining what happened, and Dropbox posted an official statement. For background, whenever you click on a link in…
MxLDevs
2 votes, 1 answer

Is there any way to pretend like we are routing our request via cloudflare?

There is this web app which uses Cloudflare, and to bypass certain things I had to find a way to access the actual web server directly. I tried numerous things and finally I think I have found the actual server's IP, but it seems like direct access to the IP…
John
2 votes, 1 answer

HTTP Referer security

Quoting from "Referer header: privacy and security concerns": For example, consider a "reset password" page with a social media link in a footer. If the link was followed, depending on how information was shared, the social media site may receive the…
user211245
2 votes, 1 answer

Why is there no referer when pointing to a secure page?

I participate in a bug bounty program and try to find serious vulnerabilities to expose. Firstly, I found that the company was not using a CSRF token; instead, they use the Referer header to ensure the request is made from https://example.com. Referer tend…
Xavier59
2 votes, 0 answers

Website Link Changed to Spam in Google Search Results

My website is the first result for the search term "word search solver" in Google. Recently, I noticed a huge drop in traffic (almost all my traffic comes from Google), so I did a quick search. What I found was that while Google still displays my…
Lukas
1 vote, 2 answers

HTTP/S <-> HTTP/S cross-site requests: what do third-party websites know about where their objects are being referenced from?

There are four general cross-site request combinations security-wise, and I want to know whether ysite.com, in each case, knows that the reason I downloaded one of its resources was because I was visiting the specific URL that referenced it…
user21377
1 vote, 0 answers

Emails about Referrer Bombing

I have received a couple of emails recently from site owners saying that they are finding referrer links in their stats with their URL path but my domain. So if a website has a page www.theirsite.com/blog/article1, they would find a referrer…
1 vote, 1 answer

Is it recommended to set Referrer-Policy explicitly when browsers already have a default policy?

I wanted to explicitly define the referrer-policy as "strict-origin-when-cross-origin" in my web application. However, "strict-origin-when-cross-origin" is the browser's default policy when no referrer-policy is set explicitly. This is followed in…
Testers Logic
1 vote, 2 answers

How do some sites prevent cross-site requests through the referrer even though redirections are allowed?

I read about the referrer header that some sites use to allow only requests made by the pages of the site. So if I make a page hacker.com and let this page make a request to https://twitter.com/i/flow/add_phone, Twitter will refuse this request as the…
ibnSaadoosh
1 vote, 1 answer

Why did browser authors not make 127.0.0.1/localhost-hosted webpages skip the referrer?

For a long time, I was so convinced that 127.0.0.1/localhost-hosted webpages, that is, with URLs such as: http://127.0.0.1/MySecretControlPanel/sensitive.php?stuff=goes&here=dude ... did not send the "HTTP referrer" header when you click hyperlinks…
Solace
1 vote, 1 answer

If an application has an XSS vulnerability, can we bypass CSRF protection based on the Referer header?

Let's say there is an XSS vulnerability in an application, and the application is not using any kind of CSRF token, just the Referer header to protect against CSRF. The Referer header is validated properly. So in this case, can we bypass the…