Home/ Questions/Q 973407
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-16T03:16:28+00:00

how do I spoof a referrer ? originalsite.com has header(Location: http://www.example.org); I tried putting

  • 0

how do I spoof a referrer ?

originalsite.com has

header("Location: http://www.example.org");

I tried putting header("Location: http://www.destination.com"); in example.org

but checking the referer at destination.com, it shows originalsite.com as referer not example.org !

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    To elaborate on cHao’s method:

    example.com has a file on the server called bounce.php which has the following code:

    <?php
// This is contained in bounce.php on example.com
$site = isset($_GET['site'])?$_GET['site']:null;
$safe_list = array("domain.com", "domain2.com"); // prevent others from using script for bad reasons

if (!empty($site) && in_array($site, $safe_list)) {
    header('Location: http://' . $site);
    exit;
}
?>

    This is an example on usage on otherdomain.com

    <?php
header('Location: http://example.com/bounce.php?site=domain.com');
exit;
?>

    That should ensure the “bounce”. But just know that if the user has the referrer turned off or set to something they wanted custom, this will not work for that situation.

    The safe_list is to help prevent someone from using that page for their own purposes, basically only sites you say can be bounced to are allowed.

    Update

    Hopefully that is what you are looking for and I did not mis-interpret it.

    • 0