When you follow links on the internet, your browser will send a referral URL to the server to let it know where it has came from. This can often be useful to the server administrators, as you can use these to analyse how visitors are finding your site or a particular page.

However, there can also be times when the user does not to share this information. Some users might say that it is an invasion of privacy. You might also be coming from a corporate intranet, and are worried about sharing internal URLs with outside servers.

Luckily it is very easy to spoof or remove the referral URL. Some web browsers, such as Opera, allow the user to disable referrer logging1, while it can also be removed by the firewall or the anti-virus software. This method uses a small proxy script to trick the browser into thinking that there was no referral URL, as if a user has entered the URL straight into their browsers location bar.

The Script

The script itself is extremely simple and is shown below.

#!perl

print <<eot;
Content-type: text/htmln
<html><head>
<meta http-equiv="refresh" content="0; URL=$ENV{QUERY_STRING}">
<script type="text/javascript">
window.location="$ENV{QUERY_STRING}";
</script>
</head><body></body></html>
EOT

The variable $ENV{QUERY_STRING} contains the part of the link that comes after the first question mark. So for http://andrew-jones.com?http://wikipedia.org it would contain http://wikipedia.org. It does not do anything with the string, so any ampersands or further question marks are left as they are.

The script has two was of redirecting the user. The first uses the meta tag. This tells the browser to refresh instantly (0 seconds) and load the URL that is in $ENV{QUERY_STRING}. As the browser thinks it has just reloaded, it does not send the referrer information with the request.

As not all browsers understand the meta tag, we have also used some simple JavaScript to do the redirect. As you could probably guess, the JavaScript causes the browser to redirect to the location that we have set. This will probably not be used, as most browsers do understand the meta tag.

As a last resort we could also have made a HTML link that the user can click on if the browser will not redirect them, but this will cause the URL of the script to be used as the referrer URL, which may not be desirable.

Summary

So this very simple proxy script will take any URL that’s passed in and redirect the user without the browser passing a referrer URL, for whatever reason you might have. It also works with links that may contain parameters, such as:

http://www.google.co.uk/search?q=site:wikipedia.org+http