Double Meta Refresh
Resulting from an interesting Twitter conversation I was following last week, we got talking in the office about sending traffic to a website and not sending across any record of what site it came from.
When you follow a link from one website to another, the second website can ‘see’ who sent the traffic to it. This is used in packages like Google Analytics to show you your traffic sources and, this is obviously very useful information. If you’re promoting products on your site and have many links through various mediums (Google AdSense, Facebook etc), you can see which sources are leading to traffic, and even through to conversions.
So, why would you want to hide the referring site? It seems that this technique is used by some affiliate schemes who want to mask their sites; as well as many other people on the internet. When you’re operating an affiliate site, you might push promotions through many different outlets – your own sites (multiple), Facebook, Twitter etc. If you’re operating in the same niche as other sites, all promoting the same product, you might want to keep your sources secret.
So how do you hide your site?
Removing your referrer isn’t as easy as it may first seem. The technique is known as ‘dereferring’. This basically means; to strip the details of the referring website from a link request so that the target website cannot identify where the user has come from.
So what’s the best technique?
Since clicking on a link will send the website as the referrer, we need to do something on the client side to remove it.
A meta refresh technique is a discouraged method of instructing a web browser to automatically refresh the current web page after a given time interval. It uses a HTML
meta element with the
http-equiv parameter, and a content parameter giving the time interval in seconds.
You might see this sort of refresh on some of the BBC Sports pages; such as the live football results. It’s used to refresh a web page so that new data can be shown, mainly in the absence of AJAX or Push Technology.
Using the meta refresh techinique, it is possible to instruct a browser to redirect the user to another URL when the page is refreshed. By setting the refresh time interval to zero, this allows meta refresh to be used as a method of URL redirection.
Using a double meta refresh (DMR), you can blank the referrer. This means that you have a script that refreshes to itself, and then refreshes onto your site. This way, no link is clicked on from within the script, and the referrer is removed. It’s useful to point out now that this isn’t foolproof. Since referrers are tracked on the client side by your browser, it depends on the browser as to whether it ‘forgets’ this information or not.
I built a quick and dirty PHP script to show this technique. In this example, we go from page one which has a link on it; through a page that does the DMR, and through to a third page – the page we want to end up on.
This code works great for Firefox and Internet Explorer. However, Chrome and Safari don’t clear the referer like they should. This means that we need to work some magic for those browsers.
Page 2 is amended thus:
'; }?> } ?>
The code here, in the final page 2; tries to do a double meta refresh first, and if it can’t then, it plants an iframe on the page and redirects using that. This way, we cover all the bases.