HTTP referer (originally a misspelling of referrer) is an HTTP header field that identifies the address of the webpage (i.e. the URI or IRI) that linked to the resource being requested. By checking the referer, the new webpage can see where the request originated.
In the most common situation this means that when a user clicks a hyperlink in a web browser, the browser sends a request to the server holding the destination webpage. The request includes the referer field, which indicates the last page the user was on (the one where they clicked the link).
When visiting a webpage, the referrer or referring page is the URL of the previous webpage from which a link was followed.
More generally, a referer is the URL of a previous item which led to this request. The referer for an image, for example, is generally the HTML page on which it is to be displayed. The referer field is an optional part of the HTTP request sent by the web browser to the web server.
Many websites log referers as part of their attempt to track their users. Most web log analysis software can process this information. Because referer information can violate privacy, some web browsers allow the user to disable the sending of referer information. Some proxy and firewall software will also filter out referer information, to avoid leaking the location of non-public websites. This can, in turn, cause problems: some web servers block parts of their website to web browsers that do not send the right referer information, in an attempt to prevent deep linking or unauthorised use of images (bandwidth theft). Some proxy software has the ability to give the top-level address of the target website as the referer, which usually prevents these problems while still not divulging the user’s last-visited website.
Recently many blogs have started publishing referer information in order to link back to people who are linking to them, and hence broaden the conversation. This has led, in turn, to the rise of referer spam: the sending of fake referer information in order to popularize the spammer’s website.
Many pornographic paysites use referer information to secure their websites. Only web browsers arriving from a small set of approved (login) pages are given access; this facilitates the sharing of materials among a group of cooperating paysites. Referer spoofing is often used to gain free access to these paysites.