Referer Header
The Referer request header contains the address of the page making the request.
The Referer header allows servers to identify where people are visiting them from.
Servers may use that data for analytics, logging, or optimized caching.
It is sometimes also used for access control.
It is fully user controllable: the client decides whether to send it and what it contains.
First hit: No Referer
GET https://elearning.ua.pt/ HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Cookie: _ga_RWZB1HRVYE=GS1.1.1605202432.1.1.1605202861.0; _ga=GA1.1.857190253.1605202434;
_gid=GA1.2.1334581424.1605202436; _hjTLDTest=1; _hjid=25f0d0c2-0616-4e02-86b2-ba6a336f5a99;
_hjFirstSeen=1; _hjAbsoluteSessionInProgress=0
Upgrade-Insecure-Requests: 1
Host: elearning.ua.pt
Subsequent request: Referer present
GET https://elearning.ua.pt/theme/adaptable/style/print.css HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Connection: keep-alive
Referer: https://elearning.ua.pt/
Cookie: _ga_RWZB1HRVYE=GS1.1.1605202432.1.1.1605202861.0; _ga=GA1.1.857190253.1605202434;
_gid=GA1.2.1334581424.1605202436; _hjTLDTest=1; _hjid=25f0d0c2-0616-4e02-86b2-ba6a336f5a99;
_hjFirstSeen=1; _hjAbsoluteSessionInProgress=0; MoodleSession=bcsqms7e7h324mmv1s46favccl
Host: elearning.ua.pt
Expected meaning:
The user accessing /internal/private.html came from /loggedin, therefore it was authenticated.
In reality:
The 'Referer' header MAY be set by the browser: it is optional, and the client can omit it or put any value in it.
It was meant to identify the origin of a request, but here it is used for authorization.
This is a TOCTOU (time-of-check to time-of-use) problem: the check (the login) happened earlier on another page, and at time of use the server only sees a client-supplied claim that the check took place.
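The mistake above, modelled as an added example that is not part of the original slides: a handler that grants access to /internal/private.html because the Referer claims the user came from the login page, beside one that looks up a server-side session at time of use. The login page URL, the session store and the request headers are constructed for illustration; the cookie name MoodleSession is taken from the capture above.

```python
from http.cookies import SimpleCookie

# Assumptions for this example: a hypothetical post-login page and a
# hypothetical server-side session store (session id -> username).
LOGIN_PAGE = "https://example.invalid/loggedin"
SESSIONS = {"sess-constructed-0001": "alice"}


def referer_authz(headers: dict) -> bool:
    """Vulnerable check: trusts the client's claim that it came from /loggedin.
    Referer is fully user controllable, so this proves nothing about login state."""
    return headers.get("Referer", "").startswith(LOGIN_PAGE)


def session_authz(headers: dict) -> bool:
    """Hardened check: access depends on a session the server itself issued,
    verified at time of use rather than inferred from an earlier page visit."""
    cookie = SimpleCookie()
    cookie.load(headers.get("Cookie", ""))
    morsel = cookie.get("MoodleSession")
    return morsel is not None and morsel.value in SESSIONS


def handle(headers: dict, authz) -> int:
    """Return the HTTP status for GET /internal/private.html under a given check."""
    return 200 if authz(headers) else 403


# Constructed requests: a genuine browser request after login, and a request
# that merely types in the same Referer value without ever having logged in.
GENUINE = {"Referer": LOGIN_PAGE, "Cookie": "MoodleSession=sess-constructed-0001"}
FORGED = {"Referer": LOGIN_PAGE}


def demo() -> dict:
    """Status codes each check produces for the two requests."""
    return {
        "referer_genuine": handle(GENUINE, referer_authz),
        "referer_forged": handle(FORGED, referer_authz),   # 200: the flaw
        "session_genuine": handle(GENUINE, session_authz),
        "session_forged": handle(FORGED, session_authz),   # 403: denied
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```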