Did you know the ‘Referer’ in HTTP is spelt wrongly?

Well it is. Here is what’s written in the RFC 2616 – Hypertext Transfer Protocol — HTTP/1.1:

The Referer[sic] request-header field allows the client to specify, for the server’s benefit, the address (URI) of the resource from which the Request-URI was obtained (the “referrer”, although the header field is misspelled.) The Referer request-header allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc. It also allows obsolete or mistyped links to be traced for maintenance. The Referer field MUST NOT be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard.

[code lang=”bash”]Referer = “Referer” “:” ( absoluteURI | relativeURI )[/code]


[code lang=”bash”]Referer: http://www.w3.org/hypertext/DataSources/Overview.html[/code]

If the field value is a relative URI, it SHOULD be interpreted relative to the Request-URI. The URI MUST NOT include a fragment. See section 15.1.3 for security considerations.

The referrer, or HTTP referrer — also known by the common misspelling referer that occurs as an HTTP header — identifies, from the point of view of an internet webpage or resource, the address of the webpage (commonly the URL, the more generic URI or the i18n updated IRI) of the resource which links to it. By checking the referrer, the new page can see where the request came from. Referrer logging is used to allow websites and web servers to identify where people are visiting them from, for promotional or security purposes. Referrer is a popular tool to combat cross-site request forgery, but such security mechanisms do not work when the referrer is disabled. Referrer is widely used for statistical purposes. (Source: Wikipedia)