$http_referer
The $http_referer variable contains the value of the Referer HTTP header from the client's request. — NGINX Core (HTTP)
Description
The $http_referer variable is used in NGINX to access the value of the 'Referer' HTTP request header, which indicates the URL of the webpage that linked to the resource being requested. This variable can help determine where visitors are coming from, allowing server administrators to execute logic based on the originating pages. For instance, if a website offers referral bonuses, it can use this variable to track whether users are coming from an affiliate site. The value of $http_referer is set based on the HTTP headers sent by the browser. If a browser does not send a Referer header (which can occur due to user privacy settings), the variable will be empty. Typical values for this variable include URLs from websites, but it may also be absent in secure contexts or when redirected across different protocols (e.g., from HTTPS to HTTP). Therefore, itβs crucial to handle the potential absence of this variable in your configurations or scripts to avoid unexpected behavior. Additionally, one must ensure proper sanitization when using this variable for purposes such as logging or decision-making, as it could be manipulated by clients. This variable is typically employed in access control, logging, or redirection rules, allowing for fine-grained control based on the origin of the request.
Config Example
location /example {
if ($http_referer ~* "example.com") {
return 403;
}
}Subsystem
httpCacheable
YesContexts
http, server, location, ifIf the client does not send a Referer header, $http_referer will be empty, which might lead to unexpected behavior if not properly handled.
Relying on this variable for access control can be risky, as users can modify their Referer header or use privacy tools that exclude it.