Home > Developer > JavaScript
In the traffic statistics Service has traffic source this function. Traffic source is the concept of visiting the secondary level, in other words, when the visit was established, landing page traffic is the source of the visit traffic source. Although there are many kinds of traffic source, but unfortunately, according to now JS, the way to obtain traffic source only two kinds of--document.referrer, Window.opener. More Unfortunately, Window.opener is not suitable for a lot of scenarios, and document.referrer very weak, so many scenarios can not accurately determine the source of traffic.
Document.referrer of the cover
In terms of usage, document.referrer wants to be able to trace the browser-side behavior. If a page A is opened, then the browser side of the action that may occur is user action, JS code two kinds.
Let's take a look at what a user might do when they open page A:
| 1 | Enter the address of a in the address bar directly |
| 2 | From page b, click Link A and jump to page a |
| 3 | Right-click link A from page b and open in new window |
| 4 | Right-click link A from page b and open in new tab |
| 5 | Drag link A to the address bar |
| 6 | Drag link A to tab bar |
| 7 | Use the browser's forward and rewind buttons |
Note that link here refers to the <A> tag, but if there is an event or target it is another matter.
JS Open page may be the way:
| 1 |
Modify Window.location |
| 2 |
Using window.open |
| 3 |
Click Flash |
It lists some of the ways that the client can open the page, and also enables page A to be presented to visitors through the service-side redirection technology.
The following is a specific browser test, and if this is the case, how does document.referrer behave:
| Serial number | Scene |
IE8.0 | FF3.6 | FF4.0 | Chrome |
| 1 | Enter the address of a in the address bar directly | " " |
" " |
" " | " " |
| 2 | Replace page b page (target= ' _self ') from page B on the left click of link a,a | √ | √ | √ | √ |
| 3 | From page b, click Link A,a in a new window (target= ' _blank ') | √ | √ | √ | √ |
| 3 | Right-click link A from page b and open in new window | √ | √ | √ | " " |
| 4 | Right-click link A from page b and open in new tab | √ | √ | √ | " " |
| 5 | Drag the mouse link A to the address bar | / | " " | " " | " " |
| 6 | Drag the mouse link A to the tab bar | " " | " " | " " | " " |
| 7 | Use the browser's forward and rewind buttons | Keep | Keep | Keep | Keep |
| 8 | Modify Window.location open a page (same domain) | " " | √ | √ | √ |
| 9 | Use window.open to open page a | " " | √ | √ | √ |
| 10 | Click Flash to open page a | ||||
| 11 | Server Redirect to page a | " " | " " | " " | " " |
where, "" denotes an empty string, √ indicates that the source page can be correctly judged, while maintaining means that using forward fallback does not change the referrer of the page. From this table you can see that document.referrer can cover about half of the case. But for some of the more commonly used operations, such as the use of the mouse drag link to the tab bar, forward back and so the situation can not make the correct treatment.
Sources of Document.referrer
The browser sends an HTTP request when it requests page a from the server. The header of this request takes the Referer attribute, and after receiving the request, the server can extract the Referer from the header to determine which page the visitor originated from.
In general, when the browser requests a to send the header in Referer is what, then get a page after the Document.referre value is what. The image above is a request for a page of the Header,a Document.referre for http://localhost/Test/b.html.
If you do not include Referre in the header, you will be assigned an empty string when you use Document.referre to fetch it.
About HTTPS requests
If you click on an HTTPS link on a normal HTTP page, you can attach referer information to the HTTPS request header, and then you can still use Document.referre to get the normal HTTP page on the HTTPS page.
Similarly, if you click on another HTTPS link on an HTTPS page, you can attach referer information to the requested header.
But if you clicked on an HTTP link from an HTTPS page, unfortunately, the HTTP request header that was sent could not contain information about the HTTPS page, possibly for a protection against HTTPS pages.
Forged Referer Information
According to the above description, Document.referre originates from the Referer in the header. So if you want to modify the value of Document.referre, in theory, you just need to modify the request header. You can replace the existing referer in the header with the values you want, and you can add referer if you didn't.
Tampering with headers is a very easy task on the client side. Before the HTTP request of a page is sent out, it can be intercepted using the truncation tool, then the header information is analyzed, and the Referre is modified.
Search a bit, for Firefox can use the Refcontrol plug-in easy to modify. In short, it is easy to deceive traffic source.
Page forced Refresh
It was soon discovered that a page jump was omitted by forcing the specified page to refresh in the META tag in HTML. For example, writing in b.html
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
