HTTP Referer not always being passed

I have an application which records users visits. None of these visits are directly accessed, 100% of these visits are referred from another site.

I am passing $_SERVER['HTTP_REFERER'] through to the database. Approximately 35% of the logged entrees pass a referer, the rest are blank.

Is there a reason for this?

Here is Solutions:

We have many solutions to this problem, But we recommend you to use the first solution because it is tested & true solution that will 100% work for you.

Solution 1

There are a couple of number of reasons why HTTP_REFERER might be blank.

  1. You have to understand it’s an environment variable given by the browser. Meaning users can remove it or even change it, if they so intend to.
  2. Users accessing the link from a bookmark, history or by typing the link manually do not have a referer.
  3. IE has also been known to remove the referer in situations revolving around javascript. Such as, window.location and even setting target="_blank" in anchors or meta refresh.
  4. Clicking an embedded link in a chat application, PDF/Word/Excel document, will also not set a referer.
  5. Using AJAX, file_get_contents, fopen and other similar functions in other languages will probably not set a referer request.
  6. cURL, fsockopen, applications that have browser-like components might not set a referer.

There are probably more situations when this could happen, I’ll update if I can think of anything that seems reasonable.

Solution 2

If a user visits your site directly, there is no referrer. It’s also possible they have set it up so their browser never sends the referrer.

According to this answer, browsers do not necessarily send a referrer when doing a meta refresh.

Solution 3

Browsers sometimes will include the referer in the request. But it is not mandatory to do so (the referer is 100% voluntary). Indeed there are various privacy and security issues surrounding the referer (for example, if an HTTPS site refers you to an HTTP site, the browser should not include the referring site as the referer). So don’t rely on it.

Solution 4

When linking from one document to another in Internet Explorer 4.0 and later, the Referer header will not be sent when the link is from an HTTPS page to a non-HTTPS page. The Referer header also will not be sent when the link is from a non-HTTP(S) protocol, such as file://, to another page. for more info go to this link

Solution 5

  1. Direct access to your page (typing URL in address bar or from bookmarks, history, etc)
  2. Browser settings (disabled referrer or empty)
  3. if someone requests page content with file_get_contents() function…

Solution 6

It is common when you are stuck finding why it is missing:
– Sometime your referer is https and you are on http, it will be lost.

– User accessing by inputing url directly.
– A user has bookmarked and come from bookmarks.
– Sometime user keep the url default for browser (similar like bookmark)
– Proxy surfying may remove referer.
– accessing website as bots (search engine)

Note: Use and implement solution 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply