HTTP Referer not always being passed

I have an application which records users visits. None of these visits are directly accessed, 100% of these visits are referred from another site.

I am passing $_SERVER['HTTP_REFERER'] through to the database. Approximately 35% of the logged entrees pass a referer, the rest are blank.

Is there a reas开发者_如何学Con for this?

---

There are a couple of number of reasons why HTTP_REFERER might be blank.

1. You have to understand it's an environment variable given by the browser. Meaning users can remove it or even change it, if they so intend to.
2. Users accessing the link from a bookmark, history or by typing the link manually do not have a referer.
3. IE has also been known to remove the referer in situations revolving around javascript. Such as window.open, window.location and even setting target="_blank" in anchors or meta refresh.
4. Clicking an embedded link in a chat application, PDF/Word/Excel document, will also not set a referer.
5. Using AJAX, file_get_contents, fopen and other similar functions in other languages will probably not set a referer request.
6. cURL, fsockopen, applications that have browser-like components might not set a referer.

There are probably more situations when this could happen, I'll update if I can think of anything that seems reasonable.

---

If a user visits your site directly, there is no referrer. It's also possible they have set it up so their browser never sends the referrer.

According to this answer, browsers do not necessarily send a referrer when doing a meta refresh.

---

Browsers sometimes will include the referer in the request. But it is not mandatory to do so (the referer is 100% voluntary). Indeed there are various privacy and security issues surrounding the referer (for example, if an HTTPS site refers you to an HTTP site, the browser should not include the referring site as the referer). So don't rely on it.

---

When linking from one document to another in Internet Explorer 4.0 and later, the Referer header will not be sent when the link is from an HTTPS page to a non-HTTPS page. The Referer header also will not be sent when the link is from a non-HTTP(S) protocol, such as file://, to another page. for more info go to this link

---

1. Direct access to your page (typing URL in address bar or from bookmarks, history, etc)
2. Browser settings (disabled referrer or empty)
3. if someone requests page content with file_get_contents() function...

---

It is common when you are stuck finding why it is missing: - Sometime your referer is https and you are on http, it will be lost.

Otherwise: - User accessing by inputing url directly. - A user has bookmarked and come from bookmarks. - Sometime user keep the url default for browser (similar like bookmark) - Proxy surfying may remove referer. - accessing website as bots (search engine)

---

It also depends on the Transport layer, I encountered an issue where my Consumer Application A was running on the HTTP layer while the Application from where I was sending the request was running on the HTTPS layer.