Not too long ago, I created noref.io, a free website/service that you can use to hide the user’s HTTP referer when clicking on hyperlinks you create. But what is HTTP referer?

First thing first, did you misspell referrer?

No, it’s actually spelled referer. See Mozilla, Wikipedia, and W3.

What is HTTP referer?

Mozilla has a great explanation:

The Referer request header contains the address of the previous web page from which a link to the currently requested page was followed. The Referer header allows servers to identify where people are visiting them from and may use that data for analytics, logging, or optimized caching, for example.

Every HTTP request comes with a header that contains information such as your browser version, operating system, and many more. Referer is one of them. Click here if you want to see what information your browser includes in the header.

Example, if you are browsing example.com and clicked on a link that leads you to example.org, example.org can know that you came from example.com.

Why do people hide their HTTP referer?

To link to another website without exposing your website. Sometimes, the URL at your website may reveal private or sensitive information about the user or your service. You may want to prevent that information from being transmitted to another website.

Example:

Click on these two links and see the difference:

Without noref.io

With noref.io

Can you give a real-world use case for hiding your HTTP referer?

Google

In the past, website owners were able to tell the search query (what you typed into Google) that brought you to their website. Google implemented their own referer hider so that referer always says “https://www.google.com/” instead of “https://www.google.com/?q=my+search+query”

Can you give a scenario in which HTTP referer is useful?

As a part of many security measures (i.e. not be used alone) you can implement to increase your website’s security.