Why is a referrer header necessary?


I don't understand why a "referrer header" should be necessary in
order to check the validity of a page.

1.  I quote from the Shields Up! web site:


    What's the "Referer" header?
    The web's HTTP protocol was designed with little
    concern for a web surfer's privacy and well before
    aggressive commercial interests decided to track
    surfers across the web, while storing and compiling
    any personal information that might leak from their


    When a web resource is requested from a server, the
    "Referer" header line provides the requested server
    with the URL of the web page that requested the item.
    But if an online web form has just been filled out
    and submitted using the most common "GET" method, the
    web surfer's potentially personal and private data
    will appear in the URL and it will be sent to any
    third-party servers, such as advertising, tracking,
    or web-bug servers, whose resources appear on the
    form's submission confirmation page!

    The most common (mostly benign) example of this is
    search engine queries where the search terms appear
    in the "tail portion" of the search URL. What's not
    obvious to the casual surfer is that the sites of any
    links they follow from such a search system receive
    that entire URL which appears in the address window
    as the "referer" to the site. This means that sites
    can tell that you came from a web search site, which
    web search site, and what you entered into the search
    site to bring you to them.

    This example, in itself, is probably not much cause
    for privacy concern, but it does demonstrate the
    potential for personal information leakage through
    filling out online web forms.

I've turned off "Enable referrer logging" in my web browser
(opera 8.52); since then, I am unable to revalidate my pages

Before that, I could not do so by simply loading the original
file from my local machine into my web browser and clicking the
revalidate link.  (My actual pages are located on my ISP's system
but I create the pages on my local freeBSD machine.)

If I simply load a local file into my browser to check whether
changes have broken validity, I can't just click on the revalidate
link on that page; I must go to your home page and load the file.
A bloody nuisance that does not encourage me to keep my pages

Now I find that, even if I want to recheck pages on my ISP's
machine -- i.e. my personal web pages -- I much change the
preferances set on my web browser from the privacy-preserving
settings that I normally have set to allow referrer logging.
At best this is annoying.

I see no valid reason that that should be necessary to check a
given page for validity.  All that should be necessary for that is
the URL (or file name) of the page to be checked.

I want to check the page whose URL (or file name) I've given you;
Not where it came from.

I grant that I'm anything but an expert but this seems both
unnecessary and counter productive to me.

Unless, of course, the objective is to *permit* other sites to
invade my privacy.

Who's side are y'all on, anyway?

Charlie Sorsby
        P. O. Box 1225
        Edgewood, NM 87015

Why HTML in e-mail is evil: http://www.birdhouse.org/etc/evilmail.html
 and (possibly) how to turn it off: http://www.expita.com/nomime.html

Received on Wednesday, 5 April 2006 09:16:08 UTC