pudelein

join:2005-06-18
Oak Ridge, TN

HTML referrers ('referers') in IE7

I normally use Firefox (2.0.0.1 at the moment) or Opera (currently 9.10); both of these have explicit settings for enabling or disabling HTML referrers (called 'referers' in HTML); in both cases sites such as GRC and PCFlank report the presence or absence of referrers as expected, with the exception that GRC reports that Opera sends referrers only to secure pages if they are enabled.

I had occasion recently to check this situation for IE7, which I use only rarely on my own machine, and was surprised to find that GRC reports IE7 to send referrers to secure pages, but not to nonsecure ones (the same as it reports for Opera); but PCFlank reports that IE7 always sends such referrers.

Does IE7 in fact send referrers to all pages (secure and nonsecure)? If they are always sent, as PCFlank claims, what is wrong at GRC? Or, why is PCFlank wrong about the situation, if it is?

All comments on this are welcome. The reliability of testing sites is a worrisome issue.


Cudni
La Merma - Vigilado
Premium,MVM
join:2003-12-20
Someshire

I don't block referrers generally, so on the GRC site, with IE7, I could see the referrer being sent on the secure site test but not on the non-secure one.

Cudni
--
Some are born to failure, others achieve it, all deserve it.
Help yourself so God can help you.
MVP, Microsoft Windows Security 2006


hpguru
Curb Your Dogma
Premium
join:2002-04-12

reply to pudelein
I don't block referers but I do modify them so that they always reference the site I am currently visiting. I use Proxomitron to do this as it provides the same benefits to all my browsers. As far as I know there isn't any browser which allows the user to transmit a custom referer header like this. Blocking them is unsatisfactory and can cause problems at some sites, which will refuse to serve the requested content if the referer header is missing or invalid.
--
Where's Jesus?
Dear Jesus!

pudelein

join:2005-06-18
Oak Ridge, TN
reply to Cudni
Cudni,

Your experience is exactly the same as mine with IE7. GRC reports a referrer only at a secure page, not at a nonsecure one.

My concern is the difference between GRC and PCFlank on this issue: see my P above.


hpguru
Curb Your Dogma
Premium
join:2002-04-12

said by pudelein:

GRC reports a referrer only at a secure page, not at a nonsecure one.

IE (any version) always sends remote referer headers regardless of whether the http or https protocols are used. The only exceptions to this are if the connection to a remote site is launched from a url file (a Favorite), a link in a locally stored html document or email message, or a link embedded in a local application. In other words, locally originating referers are not sent. No browser should be sending these.

You can confirm what I have just said by using Proxomitron to view (and optionally modify) all of the outgoing headers sent by any of your web browsers in real time as well as the return headers transmitted back to your browsers in server responses.
--
Where's Jesus?
Dear Jesus!
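
The header check described in the last post can also be done without a filtering proxy. The following is an added example, not part of the original thread: a local Python server that reports whether a request carried a Referer header. The function names, the port and the sample referer value in `probe` are assumptions chosen for illustration.

```python
import json
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def referer_report(headers):
    """Summarise what a request disclosed through its Referer header."""
    value = headers.get("Referer")  # None when the header is absent
    return {"referer_sent": value is not None, "referer": value,
            "user_agent": headers.get("User-Agent")}


class EchoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Reply with the report for this request; no-store keeps a cached
        # copy from hiding what a later request actually sends.
        body = json.dumps(referer_report(self.headers), indent=2).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Cache-Control", "no-store")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        pass  # keep the console quiet


def start_server(port=0):
    """Listen on loopback only; port 0 lets the OS pick a free port."""
    server = HTTPServer(("127.0.0.1", port), EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe(port, referer=None):
    """Scripted client standing in for a browser (constructed requests)."""
    req = urllib.request.Request(f"http://127.0.0.1:{port}/")
    if referer is not None:
        req.add_header("Referer", referer)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    with opener.open(req, timeout=5) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    start_server(8000)
    print("Open http://127.0.0.1:8000/ via a link, a bookmark and a typed URL")
    threading.Event().wait()  # serve until interrupted
```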