How to Use the HTTP Referer

Things You Can Do with the Referer

The HTTP referer is passed by web browsers to the server to tell you what page the reader was on before they came to this page. This information can be used on your website to provide extra help, create special offers to targeted users, redirect customers, or block visitors from coming to your site. You can use scripting languages like JavaScript, PHP, or ASP to read and evaluate referrer information.

Or you can add lines to your files.

Collecting Referer Information With PHP, JavaScript and ASP

PHP stores referer information in a system variable called HTTP_REFERER. To display the referer on a PHP page you can write:

if(isset($_SERVER['HTTP_REFERER'])) {

This checks that the variable has a value and then prints it to the screen. Instead of the echo $_SERVER['HTTP_REFERER']; you would put your script lines to check for various referers.

JavaScript uses the DOM to read the referer. Just like with PHP, you should check to make sure that the referer has a value. However, if you want to manipulate it, you should set it to a variable first. Here's how display the referer to your page with JavaScript. Note that the DOM uses the alternate spelling of referrer:

if (document.referrer) {
  var myReferer = document.referrer;

Then you can use the referer in scripts with the variable myReferer.

ASP, like PHP, sets the referer in a system variable. You can then collect that information like this:

if (Request.ServerVariables("HTTP_REFERER")) {
  Dim myReferer = Request.ServerVariables("HTTP_REFERER")

You can use the variable myReferer to adjust your scripts.

Once You Have the Referer, What Can You Do With It?

Once you have the referer information you can use it to script your sites in lots of ways.

A simple thing to do is just post where you think they came from. But that is pretty boring. What is more interesting is when you use the referer to display different information depending upon where they came from. For example (all the examples use JavaScript, but you can use any scripting language you prefer):

  • General welcome message
    You can print the referer URL at the top of your page in a general welcome message. As I mentioned above it's pretty boring.
  • Welcome search engine visitors
    When someone has arrived at your site from a search engine (i.e. their referer is or or, etc.), you might want to provide them with a little extra information to encourage them to stay longer on your site. You could point out your newsletter URL or give them links to some of the more popular pages on your site.
  • Pass information to forms
    If you have a link on your site for people to report problems with the site itself, knowing the referer can be very useful. People will often report problems with a web page without indicating the URL, but you can use the referer information to make a guess about what they are reporting. This script will add the referer to a hidden form field:
  • Create a special offer for some visitors
    Perhaps you want to give people who come from a specific page a special deal on your products or services. You could open a new window to your offer page. Remember that people don't always like pop-up windows, so use this carefully.
  • Send visitors to another page
    You can also send people from a specific referer to another page altogether. Be very careful with this, as Google and other search engines might consider this to be misleading and penalize your site.

Block Users with .htaccess by Referer

If you are experiencing a lot of referer spam on your site from one particular domain, it can help to simply block that domain from your site. If you're using Apache with mod_rewrite installed, you can block them with a few lines. Add the following to your .htaccess file:

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} spammer\.com [NC]
RewriteRule .* - [F]

Change the word spammer\.com to the domain you want to block. Remember to put the \ in front of any periods in the domain.

If you get a lot of referer spam, check out my article How to Block Referrer Spam for more suggestions for blocking it.

Don't Rely on the Referer

Remember that it is possible to spoof the referer, so you should never use the referer for security. You can use it as an add-on to your other security, but if a page should only be accessed by specific people, then you should set a password on it with htaccess.

Get more information about the HTML referer: 

What is a Referer?

 Why is Referrer Spelled "Referer" in Web Development?

What is My Referer

Test Your Browser for the Referer 

What is the rel=noreferrer Attribute?

What is the DOM referrer Object?