Dankind

So there’s been some talk recently in some blogs on the interwebs regarding cloaking/masking/hiding HTTP REFERERs to protect your traffic sources.

I did some simple testing of my own and thought I’d share my results and some sample code to help some people out with a simple jump/redirect script. The three basic ways to accomplish a redirect are via javascript, meta refr
esh, or an HTTP 30x header. The former two are sent within HTML and the latter is sent before any HTML output to the browser.

Here’s a sample of each:


Javascript Redirect:
<script type="text/javascript">
<!--
window.location = "http://www.example.com/"
//-->
</script>

HTTP 302 Header Redirect in PHP
<?php header('Location: http://www.example.com',true,302); exit; ?>


The odd thing I found was that IE handles javascript and meta refreshes slightly differently than FireFox or Safari. Internet Explorer will null the REFERER when it hits the target site, while FireFox and Safari will both set the REFERER to the URL with the javascript or meta refresh code on it.

If you want to cloak an Internet Explorer redirect, you’ll have to follow xmcp’s frame/iframe suggestions. If you’re fine with blanking the REFERER in IE and sending a masked REFERER in FF and Safari, the example below may be useful (coded in php).


<?php
// Filename jump.php
// syntax http://www.example.com/jump.php?url=http://myaffiliateurl.com?id=myid
$url = htmlspecialchars($_GET['url']); // clean the url
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="refresh" content="3;url=<?php echo $url; ?>"/>
</head>
<body>
<div style="height:300px;line-height:300px;text-align:center">
<a href="<?php echo $url; ?>">Click here to continue</a>
</div>
<script type="text/javascript">
<!–
window.location = "<?php echo $url; ?>"
//–>
</script>
</body>
</html>


One additional note, if you are redirecting from an encrypted HTTPS (SSL) page to an HTTP url, the REFERER is not supposed to be passed. This may or may not be the case, in my testing… a regular a href link will pass a blank REFERER, but an a href= to the HTTPS which does a 302 to a HTTP host DOES pass the REFERER. Make sure to always test your intermediate jump script if referer cloaking/hiding is important to you!

Today I noticed digg sets a cookie named ‘1337′ with a value of 0 (zero) when you browse their digg.com/iphone url. I’ve tried changing the cookie using FireFox’s webmaster tools to various values (1, 31337, 1337, leet, etc) but it just switches back to 0 each time.Anyone happen to have any guesses or perhaps inside knowledge into the use of this cookie? 

Not that anybody reads my blog, but things are shifting around and will hopefully be settled in the next couple weeks.

If anyone knows the original source of this, please let me know so I can link to it.

Imagine life as a game in which you are juggling some five balls in the air. You name them - work, family, health, friends and spirit … and you’re keeping all of these in the air.

You will soon understand that work is a rubber ball. If you drop it, it will bounce back. But the other four balls - family, health, friends and spirit - are made of glass. If you drop one of these, they will be irrevocably scuffed, marked, nicked, damaged or evenshattered. They will never be the same. You must understand that and strive for Balance in your life.

How?

Don’t undermine your worth by comparing yourself with others. It is because we are different that each of us is special.

Don’t set your goals by what other people deem important. Only you know what is best for you.

Don’t take for granted the things closest to your heart. Cling to them as you would your life, for without them, life is meaningless.

Don’t let your life slip through your fingers by living in the past or for the future. By living your life one day at a time, you live all the days of your life.

Don’t give up when you still have something to give. Nothing is really over until the moment you stop trying.

Don’t be afraid to admit that you are less than perfect. It is this fragile thread that binds us to each together.

Don’t be afraid to encounter risks. It is by taking chances that we learn how to be pave.

Don’t shut love out of your life by saying it’s impossible to find time. The quickest way to receive love is to give; the fastest way to lose love is to hold it too tightly; and the best way to keep love is to give it wings!

Don’t run through life so fast that you forget not only where you’ve been, but also where you are going.

Don’t forget, a person’s greatest emotional need is to feel appreciated.

Don’t be afraid to learn. Knowledge is weightless, a treasure you can always carry easily.

Don’t use time or words carelessly. Neither can be retrieved. Life is not a race, but a journey to be savoured each step of the way…

–Brian G. Dyson

President and CEO, Coca-Cola Enterprises during his speech at the Georgia Tech 172nd Commencement Address Sept. 6, 1996