Double Meta Refresh

Author avatar

Douglas Radburn

    Resulting from an interesting Twitter conversation I was following last week, we got talking in the office about sending traffic to a website and not sending across any record of what site it came from.

    When you follow a link from one website to another, the second website can ‘see’ who sent the traffic to it. This is used in packages like Google Analytics to show you your traffic sources and, this is obviously very useful information. If you’re promoting products on your site and have many links through various mediums (Google AdSense, Facebook etc), you can see which sources are leading to traffic, and even through to conversions.

    So, why would you want to hide the referring site? It seems that this technique is used by some affiliate schemes who want to mask their sites; as well as many other people on the internet. When you’re operating an affiliate site, you might push promotions through many different outlets – your own sites (multiple), Facebook, Twitter etc. If you’re operating in the same niche as other sites, all promoting the same product, you might want to keep your sources secret.

    So how do you hide your site?

    Removing your referrer isn’t as easy as it may first seem. The technique is known as ‘dereferring’. This basically means; to strip the details of the referring website from a link request so that the target website cannot identify where the user has come from.

    So what’s the best technique?

    Since clicking on a link will send the website as the referrer, we need to do something on the client side to remove it.

    A meta refresh technique is a discouraged method of instructing a web browser to automatically refresh the current web page after a given time interval. It uses a HTML meta element with the http-equiv parameter, and a content parameter giving the time interval in seconds.

    You might see this sort of refresh on some of the BBC Sports pages; such as the live football results. It’s used to refresh a web page so that new data can be shown, mainly in the absence of AJAX or Push Technology.

    Using the meta refresh techinique, it is possible to instruct a browser to redirect the user to another URL when the page is refreshed. By setting the refresh time interval to zero, this allows meta refresh to be used as a method of URL redirection.

    Using a double meta refresh (DMR), you can blank the referrer. This means that you have a script that refreshes to itself, and then refreshes onto your site. This way, no link is clicked on from within the script, and the referrer is removed. It’s useful to point out now that this isn’t foolproof. Since referrers are tracked on the client side by your browser, it depends on the browser as to whether it ‘forgets’ this information or not.

    I built a quick and dirty PHP script to show this technique. In this example, we go from page one which has a link on it; through a page that does the DMR, and through to a third page – the page we want to end up on.

    Page 1:

    testing

    Page 2:

    ';
    }?>

    Page 3:

    The content!
    

    This code works great for Firefox and Internet Explorer. However, Chrome and Safari don’t clear the referer like they should. This means that we need to work some magic for those browsers.

    The solution for these browsers, is to use a javascript redirect, but as this would usually send a referer as the redirecting page, we combine this with an iframe.

    Page 2 is amended thus:

    ';
    }?>
    
    
    }
    ?>

    The code here, in the final page 2; tries to do a double meta refresh first, and if it can’t then, it plants an iframe on the page and redirects using that. This way, we cover all the bases.

    Bath

    +44 (0) 1225 480 480

    20 Manvers Street

    Bath

    BA1 1JW

    Leeds

    +44 (0) 113 260 4010

    2nd floor, 2180 Century Way,

    Thorpe Park,

    Leeds, LS15 8ZB.

    London

    +44 (0) 113 260 4010

    5th Floor, Cordy House,

    91 Curtain Road

    London, EC2A 3BS

    Part of the St. Ives Group

    • By pressing submit you consent for Edit to contact you via your email or telephone number for purposes relevant to your request for our goods or services. Your contact details, including your name, company, telephone number and email address will be used by Edit. By contacting you are agreeing to Edit’s Privacy Policy. If you have any questions, please ensure you review this section before submitting.

    • This field is for validation purposes and should be left unchanged.

    © 2018 Edit. St Ives Group. Company reg. no. 3624881, All rights reserved. VAT Registered GB 927458295 Privacy Policy | Terms & Conditions | Cookie Policy