How to identify the forgery Referer_javascript skill in c#:webbrowser by flow statistic device

Methods of using WebBrowser to forge Referer: webbrowser1.navigate (URL, "_self", NULL, "referer:http://www.xxx.com")

This period of time has been to study how to set up in the WebBrowser referer to forge the source of the brush flow, but the final study of half a month ended in failure, because the current statistical code, more practical is the cnzz.com and Google AdSense with the statistics, Their statistics are through the JS file statistics, so that the formation of the forgery of the unsuccessful, specifically why not succeed let the following an article to explain it!

As we all know, server-side referer antecedents can be forged, whether it is ASP, PHP or other scripts can be forged referer, some download software is the Referer forged lifelike, the use of WebBrowser control can be easily forged antecedents. So, as a gatekeeper to protect the site, how does it prevent these forged referer?

Here, the use of Javascript is a sharp weapon.

The aforementioned methods of forgery Referer are implemented through server-side scripting, but they do not deceive the client. And JS is executed on the client, it does not pay attention to the server side of the headers information, so, the use of JS Document.referer method can accurately judge the true antecedents of the Web page.

Almost all the third party statistics invariably adopt the document.referer to judge the antecedents, why? It is based on the JS Referer routing is not forged. Even if the Referer Web script is successfully forged on the server side, it cannot be counted in the third party statistic, because these tripartite statistics use the Document.referer to discriminate the true antecedents.

Therefore, in order to combat false referer forgery information, statistical code needs to use JS Document.referer to distinguish, can be forged information shut out.

As far as we know, so far, JS can not forge referer.

Then someone asked, if the client put JavaScript footsteps or even cookies off, how do you judge the Referer? In fact, the answer is very simple, that is, JS and asp/php scripts through the operation of cookies between the middle Bridge to achieve, JS in this referer write to cookies,asp/php read this cookie, if not read this cookie, Then judge the origin of the non-site.