When a browser or bot requests a webpage, it sends a “Referer” HTTP header containing a URL of the page that they were previously at, if they followed a link there. It is based on a canonized misspelling of the word “referrer”.

So, if you are on website1.com, and you follow a link from there to website2.com, the administrators of website2.com will be able to see you came there from website1.com based on the string that was passed in the Referer header.

To prevent this from happening, you can just configure your browser to send a different Referer, or even no Referer at all!

Since Referer strings are set on the application level, how to spoof it depends on the type of software you are using. If you have multiple programs, you will have to spoof them all individually:

While by no means an exhaustive list, the following browser extensions have referer spoofing and/or cloaking capabilities.

IMPORTANT NOTE: These extensions have not been fully vetted by the Anonymous Military Institute and should be run with caution. Please inform the Dean if you find any of these to present major security risks!

• https://addons.mozilla.org/en-US/firefox/addon/referercontrol/
• https://addons.mozilla.org/en-US/firefox/addon/referer-modifier/
• https://addons.mozilla.org/en-US/firefox/addon/chameleon-ext/

• https://chromewebstore.google.com/detail/referer-spoofer/khejlgjhghlpadddldphknbnifkahghn
• https://chromewebstore.google.com/detail/kill-the-referrer/bbanejjnomfdapclboglpaldknagccia

Use the -e or --referer flag to directly set the Referer:

$ curl --referer "http://comes-from.example.com" https://www.example.com
- or -
$ curl -e "http://comes-from.example.com" https://www.example.com

Since the Referer is passed as an HTTP header, you can also change the Referer header by using the -H or --header flag, which lets you manipulate headers:

$ curl --header "Referer: http://comes-from.example.com" https://example.com
- or -  
$ curl -H "Referer: http://comes-from.example.com" https://example.com

Since cURL does not set a Referer by default, there is no reason to make it pass a blank string, as the string is empty already.

To set a custom Referer header with Wget, use the --referer flag:

$ wget --referer="http://comes-from.example.com" https://example.com

Since Wget does not set a Referer by default, there is no reason to make it pass a blank string, as the string is empty already.

For more information on how to use wget, read the Wget article.