Referer Header
The Referer request header contains the address of the page making the request.
The Referer header allows servers to identify where people are visiting them from.
Servers may use that data for analytics, logging, or optimized caching.
It is sometimes also used for access control.
The value is fully controllable by the client.
First hit: no Referer header.
Subsequent requests: the Referer header carries the URL of the previous page.
Expected meaning:
The user is accessing /internal/private.html and came from /loggedin, therefore the user was authenticated.
In reality:
The 'Referer' header MAY be sent by the browser: it is optional, and its value is whatever the client chooses to send.
It was meant to indicate where a request originated, but here it is used for authorization.
This falls into the TOCTOU (time-of-check to time-of-use) class of problems: authentication was checked on /loggedin, while the access decision on /internal/private.html relies on a client-supplied claim about that earlier check.
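To make the two failure modes concrete, the following is an added example (not code from the original page): a Referer-based check of the kind the slides describe, placed beside a session-based check that keeps the authorization state on the server. The paths /loggedin and /internal/private.html come from the page; the host example.com, the cookie name sid, the session store and the three constructed requests are assumptions made for the demonstration.

```python
"""Referer-based "access control" beside a session-based check.

Added example, not from the original page. The paths come from the page;
the host, cookie name and session store are assumptions for the demo.
"""
from http.cookies import SimpleCookie
from urllib.parse import urlparse

# Constructed: the only session the server currently knows about.
SESSION_STORE = {"s3ss10n-abc": {"user": "alice"}}

LOGIN_PAGE = "/loggedin"        # page the author expects users to arrive from
TRUSTED_HOST = "example.com"    # assumed site host


def weak_referer_check(headers: dict) -> bool:
    """The flawed check: trust that the request 'came from' /loggedin.

    Accepts any request whose Referer points at LOGIN_PAGE on our host.
    It fails both ways: the client can send any Referer value, and a
    legitimate browser is free to omit the header entirely.
    """
    referer = headers.get("Referer")
    if not referer:
        return False
    parsed = urlparse(referer)
    return parsed.hostname == TRUSTED_HOST and parsed.path == LOGIN_PAGE


def session_check(headers: dict) -> bool:
    """The hardened check: authorization comes from server-side state,
    not from a header the client writes.
    """
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    morsel = cookie.get("sid")
    return morsel is not None and morsel.value in SESSION_STORE


def decide(headers: dict, check) -> str:
    """Run one authorization check and return the HTTP status it would yield."""
    return "200 OK" if check(headers) else "403 Forbidden"


# Constructed request headers for GET /internal/private.html.
REQUESTS = {
    # Unauthenticated client that simply sent the "expected" Referer.
    "forged_referer": {"Referer": "https://example.com/loggedin"},
    # Logged-in user whose browser sent no Referer (e.g. Referrer-Policy: no-referrer).
    "real_user_no_referer": {"Cookie": "sid=s3ss10n-abc"},
    # Logged-in user whose browser did send the Referer.
    "real_user_with_referer": {
        "Referer": "https://example.com/loggedin",
        "Cookie": "sid=s3ss10n-abc",
    },
}


def compare_checks() -> dict:
    """Return, for each constructed request, the outcome under each check."""
    return {
        name: {
            "referer": decide(h, weak_referer_check),
            "session": decide(h, session_check),
        }
        for name, h in REQUESTS.items()
    }


if __name__ == "__main__":
    for name, outcome in compare_checks().items():
        print(f"{name:24s} referer={outcome['referer']:14s} session={outcome['session']}")
```

The forged_referer case shows the "fully user controllable" point: the Referer check admits a client with no session at all. The real_user_no_referer case shows the "MAY be set by the browser" point: the same check locks out a genuinely authenticated user whose browser omitted the header. The session check decides correctly in both cases because the fact being checked (an active login) is held by the server at the time of use.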