My service might use referer information to tell from what web site a request is done, and I would like to make sure there is no way to fake the referer information.
Referer can be easily spoofed.
Using a referrer is very unreliable as a method of verification.
There exists a Firefox plugin called refspoof to do that very easily.
Even command line tools like wget have options to do that: --referer=url
It is possible. There's nothing you can do to prevent browsers from faking that data.
There are many ways to fake any information sent by the client. The most basic rule of accepting information from a client is: don't trust the client.
Ever.
Browsers can fake, among many others, their User-Agent string and referrer (the proper spelling, the PHP function is about the most prolifically perpetuated typo going).
It's easily spoofed, so I wouldn't rely on it for anything important.
The client is free to send you whatever data it wants. You should -never- trust what the browser sends.
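What the answers above describe, seen from the server side, as an added example that is not part of the original question or any answer: a loopback server gates on the Referer header and three clients call it. The host name partner.example, the handler RefererGate and the helpers fetch and demo are constructed for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

TRUSTED = "https://partner.example/"  # constructed "allowed" origin

class RefererGate(BaseHTTPRequestHandler):
    """Hypothetical endpoint that treats the Referer header as proof of origin."""
    def do_GET(self):
        referer = self.headers.get("Referer", "")
        ok = referer.startswith(TRUSTED)  # the only thing the server can inspect
        self.send_response(200 if ok else 403)
        self.end_headers()
        self.wfile.write(b"allowed" if ok else b"denied")

    def log_message(self, *args):  # keep the demo quiet
        pass

# Ignore any proxy settings so the request stays on loopback.
_opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def fetch(url, referer=None):
    """Return the HTTP status for a GET, optionally with a client-chosen Referer."""
    req = urllib.request.Request(url)
    if referer is not None:
        req.add_header("Referer", referer)  # just a string the client supplies
    try:
        with _opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    server = HTTPServer(("127.0.0.1", 0), RefererGate)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = "http://127.0.0.1:%d/" % server.server_port
    try:
        return {
            "no_referer": fetch(url),
            "other_site": fetch(url, "https://elsewhere.example/page"),
            "typed_by_client": fetch(url, TRUSTED + "landing"),
        }
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The third request never visited partner.example, yet the handler has no signal that separates it from a real navigation, so the header is usable for statistics but not as an access control.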