Is there an alternative way to track the source of traffic to my website other than using HTTP_REFERER? I currently have my PHP script checking HTTP_REFERER to see where the user came from but apparently it is not ideal, how else could I do it?
It has limitations for my web stats script because it does not always contain the referral URL because not all browsers support it and it can get blocked by firewalls such as Norton Internet Security and it can be changed in peoples browsers.
There isn't much else - it's still the ideal one. All browsers support it, there are extensions like RefControl that can modify or drop or spoof it, but for the majority of users it is ideal.
I still seem to be getting many people coming to my site with a blank referrer, what might cause this?
Someone may have: - posted on a forum something like: "sorry i cant post links yet, go to your site dot com" - URL shortener service that drops referrer - something like anonym.to - type-in traffic - maybe you've been linked on a forum that predominately uses something like norton (like their support forums or something as an example) - tons of reasons - real life advertising, word of mouth - returning visitors that already have it bookmarked or just type it in and let it autocomplete
There is no better way. You cant control the contents of the HTTP_REFFERER post so the best you can do it retrive it.
Here's what I always use to get the ip's or info from visitors. function getip(){ $ipaddr = getenv("HTTP_X_FORWARDED_FOR"); if(!$ipaddr) $ipaddr = getenv("HTTP_X_FORWARDED_FOR"); if(!$ipaddr) $ipaddr = getenv("REMOTE_ADDR"); if(!$ipaddr) $ipaddr = $REMOTE_ADDR; if(!$ipaddr){ $ipaddr = "Unknown"; } return $ipaddr; } PHP:
nope, sorry this was about the referral address. my code gets the IP, which at times can be the referral address.
If you do happen to find something it's likely going to be less reliable than the referrer since it would have to be a vendor/browser-specific extension. Referrer is the one and only part of the HTTP protocol that was designed to carry the information you want.
While it's not superbly reliable, HTTP_REFERER is the best and really only option for the specific purpose of guessing which page someone clicked to your page from. Its unreliability makes it absolutely useless for security or other critical functionality. In that case it's best to think of another way of accomplishing the broader goal.
Another source of blank HTTP_REFERER is when people type the URL into the address bar directly or select your URL from their bookmarks. It's the only source of this information, so you're stuck with its limitations.
HTTP_REFERER, can be spoofed and disabled. Theirfore when used always validate its format, and if inserting to db sanitize it. Thier is'nt any alternative method of getting the referer with php.