Set HTTP Referrer in htaccess Redirect

.htaccesshttp-headersredirect

I have a new domain for my site and want to forward the user to this new site.
So I set up a simple redirect in my .htaccess file likeI have a new domain for my site and want to forward the user to this new site.
So I set up a simple redirect in my .htaccess file like this:

   RewriteCond %{REQUEST_URI} (.*)
   RewriteCond %{HTTP_HOST} ^www.oldsite.com$
   RewriteRule ^(.*)$ https://www.newsite.com%{REQUEST_URI} [L,R=301]

That works so far, but now I need to check if a user still uses the old domain and therefore I need to check the http_referrer in my php application. Unfortunately the http_referrer is not set? How can I tell my .htaccess to set the http_referrer to www.oldsite.com if the RewriteCond triggers?

Best Answer

tl;dr To check to see whether oldsite.com is still being requested, you should check your server access logs. (Maintain a separate log, just for oldsite.com.)

How can I tell my .htaccess to set the http_referrer to www.oldsite.com

You can't. The Referer HTTP request header is set by the User-Agent / browser. And the redirect itself is not a referrer.

For example:

  1. If you type oldsite.com directly into the browser (direct request, ie. no Referer header is set) then oldsite.com issues a redirect to newsite.com then the original "no referrer" is preserved and no Referer header is sent.

  2. If you click on a link to oldsite.com from example.com then example.com is set as the Referer (by the browser). If oldsite.com then issues a 301 redirect to newsite.com then example.com is still the referrer and this is preserved by the browser. The intermediary site that issues the redirect is effectively hidden from the target site.

Note that if Referer headers are set (and what they are set to) is also dependent on any referrer-policy that might be set on the originating site (as well as any client settings the user might have). The referrer-policy also covers HTTP to HTTPS navigation etc. (which does not send a Referer by default).

UPDATE: I need to "react" to it. For example show the user a message like "Hey you're using an old url, please switch to a new one."

You could perhaps append an innocuous URL parameter as part of the redirect and check for this in the receiving script. This does, however, expose this URL parameter - which you would need to make sure is not picked up by search engines etc. so as not to hamper SEO (ie. set the appropriate rel="canonical" and/or issue a secondary redirect to remove the URL parameter - once you have logged the request).

For example:

RewriteCond %{HTTP_HOST} ^www\.oldsite\.com [NC]
RewriteRule ^ https://www.newsite.com%{REQUEST_URI}?redirect=1 [QSA,R=301,L]

(The first condition that checked against REQUEST_URI wasn't doing anything.)

At newsite.com/.htaccess you could do something like the following to remove the URL parameter (this could be simplified if you have no other URL parameters). However, you might not want to perform this redirect (or perhaps "delay it" or "set a cookie") if you are wanting to display a message to the user.

# Remove "redirect=1" URL parameter if present
RewriteCond %{QUERY_STRING} ^redirect=1(?:&(.*))?
RewriteRule ^ %{REQUEST_URI}?%1 [R=301,L]
Related Topic