Blocking vs forging Referer - What is most common?

Discussion in 'privacy problems' started by TheWindBringeth, Sep 29, 2015.

  1. TheWindBringeth

    TheWindBringeth Registered Member

    Feb 29, 2012
    Q1: Has anyone come across statistics or other meaningful evidence that would shed light on which Referer mitigation is most common these days? Examples:
    1. Block Referer header
    2. Use target URL as the Referer value
    3. Use the root of the target URL as the Referer values
    Q2: Assume someone wants to break Referer *and* they aren't at all concerned about breaking/accessing pages. They will either block or forge in some way. Which could be factored in by fingerprinting routines they encounter. WRT this fingerprinting concern, do you prefer one mitigation over the others?