Home > General > Affiliate Marketing Forum

---

Best method to hide referrer that doesn't leak? (23)

---

Found out that Double Meta Refresh isn't safe and will eventually leak. What would be the best method to hide the referrer with no leaking? Preferably one that doesn't have much of an impact on loading times.

I've seen people suggest "http to https" but not sure what this means.

---

You basically setup your offer redirection script on https location when the user clicks on your CTA button.

So, put your offer redirection script in https://yourdomain.com/go.php and go.php being on https location won't leak the referrer. If you want an extra layer of security, setup double meta refresh on HTTPS. I hope that helps.

---

Exalted moon hit it. You don't need the DMR as well though. Http to https will do the trick, browser standards prevent that from passing any refer data through. The only way it will leak is in the 0.0001% case when someone is using a custom/badly built browser.

Get a cheap SSL from namecheap. 9$.. 10mins later you are good to go.

---

Thanks. So would making the Voluum click link SSL i.e. HTTPS://track.domain.com/click be enough to hide everything?

---

No Voluum doesn't allow you to do that cause you would need to install the SSL cert on their server. Exalted Moon's way is the way to go.

---

What if you're using a custom tracking domain with Voluum? Then would making the Voluum click url SSL suffice?

Making an out.php redirect to the voluum click url which then redirects to the offer means an additional redirect, instead of click url -> offer.

---

Theres a couple ways to go about this,

1. http tracking link >> https lander domain >> http outlink >> http offer page

2. http tracking link >> http lander >> https out link >> http offer page (tracker must use a html redirect with this method as a php 302 redirect will not blank referrer)

You can test to see if the referrer is being blocked or not by setting up your funnel and using a referral checking service domain such as this (http://nullrefer.com/what-is-my-referer.html) as if it was your offer.

As far as I know you can't do the ssl out link method with Voluum, however Thrive offers this as an option.

After some testing I've found that the first method (using https landing pages) has less click loss for me. If you want ssl for your lander domains no need to buy an ssl certificate just add your domain to cloudflare.

---

By doing #2, would the referrer still show your Voluum tracking url?

https out link would redirect to your Voluum click link (track.voluumtrk.com/click). So the LP would be blanked, but not track.voluumtrk.com? (They can just search your tracking link on spy tools).

---

I just tried your #1 solution, so http campaign link ==> https lander ==> http outlink and it seems like my Voluum campaign data is going missing somewhere along the way... I get the following error after clicking the outlink:


Did you take any extra steps to handle that?

---

Voluum offers the https, just switch from custom domain to default Voluum domain for out link. You can continue to use your custom domain for campaign url but for the out link you have to use voluum default one for https. Also do keep in mind if the offer page is on https, all your referrers will be available to advertiser. DMR with HTTPS will hide 99.99%.

---

@ andyvon

No extra steps are needed besides having your lander on a https domain and adding the landing page domain with https in volume.

---

For this scenario: HTTPS out link -> HTTP aff network offer tracking url -> HTTPS offer url

Would the referrer still be passed to the offer url?

---

no.. if there is any thing non https in between.. no referrer data will be passed.

---

http -> http, Referrer is passed.
https -> https, Referrer is passed.
http -> https, Referrer is passed.
https -> http, NO referrer is passed.

---

The whole https to http discussion - isn't this very depending on the browser version the visitor uses? In theory, most up to date browsers should not pass a referrer by this setup, but from what I've seen in tests and read, there's quite a lot of referrers still leaked by using this method only (assuming not using a DMR).

The way I see it, https to http is according to 'standards' not passing a referrer, in reality though it does as a lot of older / custom browsers do not follow that rule. In case I'm wrong here feel free to correct me.

---

Yes, you are right fjk87, it depends lot on the browser, the standards says that no https data should be passed but if browser doesn't follow them, then it is going to leak them.

---

Have you tried this yourself? Voluum support told me otherwise:

"When setting up links on your campaigns, the domain used throughout needs to correspond.
So, when using a custom domain for the campaign URL, the click and tracking pixel URLs also need to correspond exactly.

Same applies to using one of our default domains.

I.e. Campaign URL uses 12345.voluumtrk.com
Click URL and tracking pixel within the same campaign will also have to use 12345.voluumtrk.com

This is due to the handling of redirection is based on the referring data."

---

My bad... yes.. what you said is right... what I wanted to say, switching to default domain wont affect your existing campaigns URL that you're already running on an ad networks. But for https out link to work, you have to have default Voluum domain campaign url.

---

The Voluum postback an use their standard domain

---

What if your outlink is to the aff networks tracking link HTTP but they redirect to their HTTPS version?

https out > attempt to HTTP aff network tracking link > redirect to HTTPS version of aff network tracking link

---

It wont pass referrer, as soon as there is http after https LINK, browser has to stop sending any referrer data. But do keep in mind its browser's decision!!!

---

http://blankreferer.com

*Bump
Maybe This could be useful

---

any other options for direct linking other than DMR?

---

Home > General > Affiliate Marketing Forum