Why do people hide their http_referer?
I don’t hide HTTP_REFERER. I rewrite it on every outbound request to be the same as the HTTP_REQUEST URL. This accomplishes three things: It takes care of the fact that it’s none of your business. It provides an innocuous response so that poorly written server scripts that rely on this value continue to function. It clearly reinforces to clueless site administrators that no data coming from the client should be trusted.
I load a 3 month trial of NIS on all the computers that come into my shop for the firewall and AV feature. I think it’s just a simple privacy issue. It does seem kinda silly, but I still imagine there’s a programmer at Symantec with a good reason for it.
I don’t hide my Referer, I’m just choosing not to tell you where I came from. (Because, as previously mentioned, it’s none of your business) There are a lot of things I can optionally provide to the server on the other end of my connection, like Refe[r]rer, client, and OS. The remote end knowing my IP address is necessary for the entire setup to work. Where I came from isn’t.
