views:

59

answers:

5

Is there a way a Web site can learn something about your browsing activities outside of this Web site from an HTTP request sent to the Web site by your browser?

A: 

Yes, sometimes. There is a referrer URL which browsers send if you click say from a google search result page.

In fact, in some cases, relying on this referrer has been detrimental to the web server(!) due to referrer spoofing.

See: http://en.wikipedia.org/wiki/HTTP_referrer

Moron
Thanks! Your answer is also fine.
john
A: 

From an ethically correct position, every website can find out the webpage you come from (if you clicked the links that redirects to your website)

From the dark side you might get something more with browser exploits or spying on your visitor cookies. Although exploits are not something that you can rely on, probably you can retrieve some information from users who do not click the option "accept only cookies from sites I navigate to".

Francisco Garcia
+1  A: 

Hmm... possible, to an extent, I suppose. The HTTP request might contain the referrer link, so if a person visits your website by clicking your web link from some external site, you will at least know where they come from. Here's some info on the HTTP referrer header: http://www.w3.org/Protocols/HTTP/HTRQ_Headers.html

limc
+2  A: 

Third-party cookies are a construct used specifically for this purpose.

Jacob
A: 

As others have mentioned, the browser will send a Referrer header, which tells the web server where the link to the new page you're loading came from.

In theory this is the only information a site should be able to deduce about your browsing history. However, there are often browser vulnerabilities that mean that information is leaked - for example, using the fact that the colour for links that have been visited is different. Sometimes other browser bugs can leak cookies too. (Though note that these require more than just the initial GET - there usually must be javascript in the web page that gets served up in order to exploit these problems.)

In summary - theoretically the Referrer is all that gets sent; in practice browser bugs may leak more information.

psmears

related questions