Shulou(Shulou.com)06/01 Report--

This article introduces the meaning and function of Referer in the Http request header. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

Front-end interview-the meaning and function of Referer in the Http request header

HTTP Referer is a part of header. When a browser sends a request to a web server, it usually brings Referer to tell the server which page the page is linked from, so the server can get some information for processing.

Effective hotlink protection

If there is a www.baidu.com link in www.google.com, click to enter the www.baidu.com, and its header information will contain: Referer= http://www.google.com

Only allow my own website to access my own image server. If the domain is www.google.com, then every time the image server fetches Referer to determine whether the domain name is www.google.com, if it is, continue to visit it, or block it.

After sending this http request to the server, if the server requires that it must be an address or addresses to access, and the referer you send does not meet his requirements, it will block or jump to the address he requested, and then access it through this address.

Prevent malicious requests

For example, if the static request ends with * .html and the dynamic request ends with * .shtml, then it can be used this way. All * .shtml requests must be Referer for my own website.

Empty Referer

Definition: the content of the Referer header is empty, or a HTTP request does not contain a Referer header at all (a request is not triggered by a link)

Enter the URL address of a resource directly in the browser's address bar, and the request will not include the Referer field, because this is a "out of thin air" HTTP request and is not linked from one place.

So in hotlink protection settings, what's the difference between allowing empty Referer and not allowing empty Referer?

Allowing Referer to be empty means that you allow direct access to browsers, for example.

Defense against CSRF

Compare the source address of the HTTP request, if the address in the Referer is a secure and trusted address, then let it go.

So much for sharing the meaning and function of Referer in the Http request header. I hope the above content can be helpful to you and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.