I found that anybody show their page to user, then 302 redirect to my site,
I want stop it.
I thought there would be referer in request header, but didn't!
I tested this in chrome72.0.3626.121 and ie11, and use fiddler to catch Request,
there have no referer header in all request.
And my server side code can't see referer too.
How can I stop 302 redirect to my site??
It's possible these days for sites to disable adding a referrer when a user follows a link. This is a privacy feature.
The result of sites using this feature is that you can't tell if:
A) A user opened your site directly from the addressbar
B) A user came to your site from somewhere else.
If you could tell the difference, it means the privacy feature is not working. Your only option is to block anyone with no referrer header, but then you might block a lot of other users as well.
There is one other common reason for this though, if you are running an insecure (http) site and you are being linked from secure (https://) site. It might be possible to get the referrer back in this case by upgrading your site to https.
Related
I am currently redirecting a website to another new website. My question is does a redirect automatically move my metadata (titles, taglines, meta description, focus keyphrases) to the new site? or Do I have to manually copy and paste metadata to the new site?
Better put - do my rankings from the old site as a result of metadata automatically point to my new site upon redirecting?
Thanks.
You are going to want to look into using a specific kind of redirect, which is the HTTP 301 redirect. That status code means its a permanent redirect, and most search engines will recognize that and will help keep your SEO.
If you do a HTTP 302 redirect, this being known as a temporary redirect, will technically be considered a new URL in the eyes of a search engine.
So when you are testing you redirect, make sure you open up Chrome Dev Tools (F12) and click the network tab. Refresh the page and click the first row that appears in the table. It should specify the HTTP status code, most likely being 200 (status ok), (301/302) permanent/temporary redirect, (404) file not found, 500 (server error).
So essentially, make sure your redirect is using a 301 redirect, if it is permanent of course!
I just moved my blog to https and, of course, all the facebook shares counters are now reset to 0.
I've spent several hours reading stuff online and I got the solution to point the og:url tag to the old urls (with http instead of https).
It worked for a day but now all the counters are back to 0.
The strange thing is that if I check the urls (both with https and http) with the open graph debugger it returns me 0 shares for both the urls!
I really don't know what to do! Is there a way to have back the counters of the http-version of the urls? Or, as an alternative, is there a way to sum the two counters?
p.s. I already activated the 301 redirect for the whole blog in my .htaccess file.
Facebook treats HTTP and HTTPS as two different URLs and therefor two different Open Graph objects, even if the rest of it is the same.
p.s. I already activated the 301 redirect for the whole blog in my .htaccess file.
And that's your mistake ... You need to keep the old HTTP URLs available for the FB scraper to read the OG meta data from; if you redirect the scraper to the HTTPS version as well, then it concludes that the HTTPS versions was the actual correct URL for this piece of content - and therefor you have just undone what you tried to do by having og:url point to the old HTTP address.
See https://developers.facebook.com/docs/plugins/faqs#faq_1149655968420144 for more details.
The scraper can be recognized by the User-Agent request header it sends - see https://developers.facebook.com/docs/sharing/webmasters/crawler
(How to exclude clients that send a certain user agent from redirection via .htaccess is something that should be easy enough to research.)
Is there any way to identify the url which redirected to another one?
To be clear, let's say we have example-domain.com which redirects (302) to exampledomain.com.
I thought that maybe the http_referer server variable would contain the redirecting url but thats not the case. Is that possible at all?
Wouldn't let me comment or upvote as I'm too new. Wondering if you're still having this problem - as I am too.
If you have control over both domain names, I would suggest you 302 to the URL exampledomain.com?refUrl=example-domain.com and pull the data from the querystring.
If you DON'T have control over both domain names, you are in same situation as me and my non-intentional duplicate question (3rd party is 302 redirect to my website, how to stop?)
In my case from testing, the http_referrer returns the site 'before' the site doing the 302. IE "Google (Click) Example-Domain (302) ExampleDomain"... the http referrer returns Google.
I tried to find out this, and got that http://www.google.com/ncr uses 302(or 301) redirections(not sure if it really is).
and i also got that, the server side redirections(301 and 302) will not change the original referer, i.e. if i visit http://www.google.com/ncr directly, then the request goes to google.com, but nothing in the header can show that i come from http://www.google.com/ncr.
so i wonder how google do this.
People do this very often with servlets. The servlet would detect a certain pattern and issue a redirect to a conglomerated url. A redirect is directed at the browser. It's like the browser has activated/clicked on a new link.
It is like you entered google.com/abc on the url bar and then entered google.com on the address bar after that. Due to privacy issues, the browser does not let the server know what previous URL it has visited.
Of course, if you are on the same session, going to the same site, google would have both server side and client side cookies tracking you that you just came from another google url. If were a web service provider, I Would certainly exploit knowing your browsing history.
So that, due to your browsing history www.whatever. com would redirect to different pages for different users or sessions.
Addendum:
"Due to privacy issues, the browser does not let the server know what previous URL it has visited." is not quite correct.
The more complete spec is
Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec15.html
Another reason why google forcing us to use https benefits us.
Redirect flow of non-secure http
Let's say we have
URL A has a link goto B with leads to URL B.
URL B is a redirect to URL C
The server of URL C will see the referer as URL A, not URL B. That is, the browsers will set the referer to URL A.
Redirect with cookies
I believe you should be able to include a setcookie header on a 30x redirect. I have not tried it so I do not know which browser will ignore or honour it.
BTW
I have great doubts that my answer is satisfactory for your question. I personally feel it is incomplete and I hope some one comes up with a better answer and you should choose that as the answer. In fact, I think you should unchoose this as the answer so that your question gets back into the pool of unanswered questions. Sorry.
I have just migrated a site to a new domain (with new design) and am redirecting from the old site to the new with .htaccess and redirect 301. Since the new site is quite different, I'm concerned that users might be disoriented. Is there a way to have a popup on the new site that users get only if they have been redirected from the old site? Have been searching on this but keywords seem to lead only to stuff on popup redirects to another site.
I can think of several ways to do it:
Redirect in the 301 to another page (www.blah.com/tour instead of www.blah.com) and there i would put the logic to show the popup
Redirect in the 301 to another page and there set a cookie and redirect to the original page. Then, add logic to the original page to show the popup if the cookie is present (and delete the cookie)
Check the referrer in the new site and if it matches the old one, show the popup
Your problem boils down to detecting a request that has come via a 301 redirect - popups and usability are a separate (simpler?!) issue.
Unfortunately, detecting a 301 redirect is one of those inexact things that requires a mixture of techniques to get near to 100%. I say near, but never quite there - a bit like browser detection.
One option is to append a querystring (GET) parameter to the redirected URL, e.g.
www.example.com/LandingPage.html?isRedirected=true
You could also set the same info in a cookie (but won't work if cookies are disabled or cleared).
Another option is checking the Referrer header - but again, these may differ based on browser implementation and can be faked, although if someone's faking a redirect I don't think you need to worry about guiding them through your new design!