http_referer in sp2

Archived from groups: microsoft.public.windowsxp.basics (More info?)

I have the impression that browsers running on windows xp sp2 no longer send
the header that is used by IIS for the http_referer variable. I was looking
into the list of security changes for sp2 and can't find anything related to
this.
Is this an intended security measure or a side-effect? In any case is there
anything that can be done on the client side (change something in advanced
settings or security) so that the browser can send this again (preferrably
to specified websites only)

Koen.
1 answer Last reply
More about http_referer
  1. Archived from groups: microsoft.public.windowsxp.basics (More info?)

    "Koen" <kp@remove-this.bvdep.com> wrote in message
    news:%23tg91X89EHA.3616@TK2MSFTNGP11.phx.gbl...
    >I have the impression that browsers running on windows xp sp2 no longer
    >send the header that is used by IIS for the http_referer variable. I
    >was looking into the list of security changes for sp2 and can't find
    >anything related to this.
    > Is this an intended security measure or a side-effect? In any case is
    > there anything that can be done on the client side (change something
    > in advanced settings or security) so that the browser can send this
    > again (preferrably to specified websites only)
    >
    > Koen.
    >


    More likely is that your firewall or some content filtering proxy is
    stripping out the Referrer header from your outbound HTTP traffic. For
    example, Norton's firewall would block Referrer by default but you could
    add a web rule to allow it for certain [host.]domains.

    SP-2 did not change the browser from including Referrer so a page can
    see from whence you hail (i.e., where you came from). Run the test at
    PCFlank.com to see if Referrer is reported by your browser and setup. I
    used to use Norton's firewall which blocked Referrer by default so it
    passed their test, but I've switched to the freebie version of Sygate
    Personal Firewall (which does not include the stealth browsing feature
    of their Pro version) and Referrer does get reported. Personally I'm
    not scared of a site knowing how I got to it. Banks and several sites
    will use Referrer to make sure you get to one of their pages only from
    one of their other pages or from an authorized other-domain that has a
    link to their page. I had to keep adding web exceptions to allow
    Referrer to lots of legitimate sites that I visited.

    --
    _________________________________________________________________
    Post your replies to the newsgroup. Share with others.
    E-mail: vanguard_help AT yahoo.com (append "#NEWS#" to Subject)
    _________________________________________________________________
Ask a new question

Read More

Security Browsers Windows XP