I know weird urlblobs on outbound links are a thing, but iirc in the past a website could know what link you followed to get to them, from where. Is that still a thing? am I misremembering?
reality is the battlefield
- she/they (pl)
- breadthcharge.net/
the first line goes in Cohost embeds
๐ฅ I am not embroiled in any legal battle
๐ฆ other than battles that are legal ๐ฎ
I speak to the universe and it speaks back, in it's own way.
mastodon
email: contact at breadthcharge dot net
I live on the northeast coast of the US.
'non-functional programmer'. 'far left'.
conceptual midwife.
https://cohost.org/NireBryce/post/4929459-here-s-my-five-minut
If you can see the "show contact info" dropdown below, I follow you. If you want me to, ask and I'll think about it.
You must log in to comment.
in reply to @NireBryce's post:
either that, or UTM parameters that are not super standard but Google Analytics uses them so they may as well be
100% you're thinking of the HTTP Referer header in its officially-misspelled glory.
This is still a thing, but less of a thing than it used to be in the past. It's considered very useful, and it's also considered a privacy concern, so browsers try to thread the needle of what information they will pass, but they all do it differently, and it interacts with a surprising number of other features and security policies.
Across the board, I believe all modern browsers will not send the Referer header when a link on a page served by HTTPS points to a location served by HTTP (there are edge cases for redirect chains). Depending on protocol and whether the link is same-origin, some browsers will also downgrade the Referer header to only contain the domain rather than the full URL.
There may also be policies based on CORS, Content Security Policy, whether the link is navigated or a resource, and whether the page is being loaded in an iframe (with further distinctions in all cases based on whether the links are same-origin).
And of course this is all configurable in the browser, for the 0.1% of power users who give a shit, or the larger fraction of users who run an ad blocker that changes their settings, or the much larger fraction of users who are browsing on their Corporate Laptops which are extremely managed by IT and have all the security settings turned up to 11. (Think banks, not Big Tech.)
I think in general you still get some referer information about 50-70% of the time, but a substantial fraction of that is downgraded to domain-only. This number may be wildly different depending on the audience of the website you're looking at.
looks like you might've had a conversation with some locked accounts here based on 7 comments, but yeah that's the HTTP Referer header and it's usually sent by the browser, unless the website with the original link blocks it via Referrer-Policy (cohost does this)