How to manually set REFERER header in Javascript?
I want to set Referer header of my webpage. Currently it displays "xyz" and I want to set it to "abc".
Viewed referer using javascript:alert(document.referer)
You can use Object.defineProperty on the document object for the referrer property:
Object.defineProperty(document, "referrer", {get : function(){ return "my new referrer"; }});
Unfortunately this will not work on any version of safari <=5, Firefox < 4, Chrome < 5 and Internet Explorer < 9 as it doesn't allow defineProperty to be used on dom objects.
You cannot set Referer
header manually but you can use location.href
to set the referer
header to the link used in href
but it will cause reloading of the page.
This works in Chrome, Firefox, doesn't work in Safari :(, haven't tested in other browsers
delete window.document.referrer;
window.document.__defineGetter__('referrer', function () {
return "yoururl.com";
});
Saw that here https://gist.github.com/papoms/3481673
Regards
test case: https://jsfiddle.net/bez3w4ko/ (so you can easily test several browsers) and here is a test with iframes https://jsfiddle.net/2vbfpjp1/1/
I think that understanding why you can't change the referer
header might help people reading this question.
From this page: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
From that link:
A forbidden header name is the name of any HTTP header that cannot be modified programmatically...
Modifying such headers is forbidden because the user agent retains full control over them.
Forbidden header names ... are one of the following names:
...
Referer
...
Above solution does not work for me , I have tried following and it is working in all browsers.
simply made a fake ajax call, it will make a entry into referer header.
var request;
if (window.XMLHttpRequest) { // Mozilla, Safari, ...
request = new XMLHttpRequest();
} else if (window.ActiveXObject) { // IE
try {
request = new ActiveXObject('Msxml2.XMLHTTP');
} catch (e) {
try {
request = new ActiveXObject('Microsoft.XMLHTTP');
} catch (e) {}
}
}
request.open("GET", url, true);
request.send();