SSL on my tracking domain leaks referrer ? (12)
Hey guys i red that in order to blank my referrer the best way to do it is to go from
http > https > http.
Which i understood as
LP on http > HTTPS tracking link > http network offer link
And this could also be done with installing SSL on my tracking domain which i did.
But when i used https://trackingdomain.com/tracking202/redirect/dl.php?t202id=139&t202kw=
As an outgoing link on my LP which was on different domain without SSL. The referrer leaked and i saw my referrer in the prosper's spy view.
I tried using http://www.stardrifter.org/cgi-bin/ref.cgi? as destination url (e.g my prosper HTTPS:// tracking links goes to > http://www.stardrifter.org/cgi-bin/ref.cgi? )
But i saw my referrer leaked on that site also.
So how i can use my tracking domain with SSL to blank my referrer ?
You need your LP that the click originates from to be on an SSL... not the redirect url (prosper domain).
Redirects (302 in this case) directly pass through the referrer of the page that the click came from. Redirects do not rewrite the existing referrer.
SSL Referrer Blocking Example...
SSL/HTTPS LP -> Non-SSL Tracking Link (Prosper) -> Offer/Network URL
^^^ will not show your LP's url to the network/advertiser.
Ohhhhhh now i understood. Thanks man 
Originally Posted by kyleirwin
That should blank the referrer as long as you're using a meta refresh to redirect.
Originally Posted by corp
To clarify, the solution I posted above is for header redirects.
For a client side redirect (meta/js), you want the SSL on the bounce/redirect page... not the LP.
If you use a meta/js redirect over non-https, the URL of the redirect page will sometimes be passed set as the referrer, depending on the client's system.
Everyone should also note that SSL is not free, resource wise. It adds latency to your redirects, requires more bandwidth as the data is encrypted, and more resources on both the server and client side to encrypt and decrypt the data being transferred.
@kyleirwin what method you think then is the fastest and most efficient way to blank the referrer ? I researched a little about http vs https performance speed but everywhere its seems different.Some people say https uses more resources and some says https loads faster but the handshake is slower or something like that ..
So what i also tested for speed is and found that javascript redirect ( window.location ) is faster then the html redirect ( meta refresh), i heard php redirect is fastest but it seems like it leaks the referrer everytime.. So this can't be done with php, but there was a thread by polarbacon http://stmforum.com/forum/showthread...light=referrer which uses php redirect to blank the referrers but it isn't working for me.
So the https + javascript or html redirect is gonna blank the referrer pretty good and if the speed becomes an issue.Unwanted visitors, spies and etc. can be fooled with
http://stmforum.com/forum/showthread...light=referrer
and this http://fitaffiliate.com/2012/10/prot...s-prying-eyes/
Your referer is being leaked because while going through the redirect p202 drops SSL.
https://tracking-out > ssl dropped on p202 internal redirect > offer still pick referer.
Try this:
[php]
<?
$url = $_GET['u'];
$id = $_GET['i'];
if($url)
{
if(!isset($_SERVER['HTTP_REFERER'])) // no referer?
header("Location: $url"); // HTTP 302 redirection (referer header remains unset)
else
retry($url, $id); // try to drop the referer
}
function retry($url, $id)
{
$relativeURL = $_SERVER['SCRIPT_NAME'] . "?u=$url&i=". ($id + 1);
$absoluteURL = 'http://' .$_SERVER['SERVER_NAME'] . $relativeURL;
$methods = array(
"<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
<meta http-equiv=\"refresh\" content=\"0; url=$relativeURL\">
</head>
</html>",
"<html>
<head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
</head>
<body>
<iframe src=\"javascript
arent.location='$absoluteURL'\" style=\"visibility:hidden\"></iframe>
<script>var x=0;function go(){location.replace(\"$relativeURL\")};window.se tTimeout('go()', 5000)</script>
</body>
</html>",
);
if( $id < count($methods))
echo $methods[(int)$id];
else
echo $url;
}
?>
[/php]
Usage: script.php?u=URL
This is how i seted it up. script.php is the source code that you gave me.
i uploaded script.php to my ssl domain.
This is how i used the script and i got the following error
https://ssldomain.com/ref/script.php?u=http://trackingdomain.com/tracking202/redirect/dl.php?t202id=7136&t202kw=
Warning: Cannot modify header information - headers already sent by (output started at /home/ssldomain/public_html/ref/script.php:1) in /home/ssldomain/public_html/ref/script.php on line 11
The script is throwing an error before it tries to redirect the user with the header redirect... which it can't do because it has already sent the "body" content of the response when the error was thrown... after which no more headers can be sent to the client on that request.... but you don't need to know all that, try this...
[PHP]<?php
if(isset($_GET['u'])&&is_string($_GET['u'])) {
$url = $_GET['u'];
}else {
$url = '';
}
if(isset($_GET['i'])&&is_string($_GET['i'])&&preg_match('/^[0-9]+$/',$_GET['i'])) {
$id = $_GET['i'];
}else {
$id = 0;
}
if($url) {
if(isset($_SERVER['HTTP_REFERER'])&&is_string($_SERVER['HTTP_REFERRER'])&&strlen($_SERVER['HTTP_REFERER'])>0) {
retry($url,$id);
}else {
header("Location: $url");
}
}else {
echo 'No redirect url set in the "u" querystring variable.<br /><br />Redirect to <a href="index.php?u='.urlencode('http://www.google.com/').'">google</a> without passing a referrer.';
}
function retry($url, $id) {
$relativeURL = $_SERVER['SCRIPT_NAME'].'?u='.$url.'&i='.($id+1);
$absoluteURL = 'http://'.$_SERVER['SERVER_NAME'].$relativeURL;
$methods = array(
'<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="refresh" content="0; url='.$relativeURL.'">
</head>
</html>',
'<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<iframe src="javascriptarent.location=\''.$absoluteURL.'\'" style="visibility:hidden"></iframe>
<script>var x=0;function go(){location.replace("'.$relativeURL.'")};window. setTimeout(\'go()\',5000)</script>
</body>
</html>',
);
if($id<count($methods)) {
echo $methods[(int)$id];
}else {
echo $url;
}
}
?>[/PHP]
Read over the code, reference the functions you don't know on php.net, and keep revisiting it over time until you understand it. It's written in a way that should be easy to comprehend as your tech skills grow. Ask any questions you have, after doing your own due diligence. Good luck
Again the same error Just on different line.
Warning: Cannot modify header information - headers already sent by (output started at /home/domain/public_html/ref/index.php:1) in /home/domain/public_html/ref/index.php on line 19
Do you have a line break before the "<?php" tag? Somehow there is output getting sent to the browser before the script runs... which should not be the case.
You may have to hit me up on skype or aim for this one. My handle is "xkyleirwinx" on either service.
Yeah that was the case.Now the script redirects normally but the referrer still leaks.
Home > Questions and Answers > Tracking Questions