From the documentation:

从文档：

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

将用户代理引用到当前页面的页面地址（如果有）。这是由用户代理设置的。并不是所有的用户代理都会设置这个，有些提供修改 HTTP_REFERER 的能力作为一个特性。简而言之，它不能真正被信任。

http://php.net/manual/en/reserved.variables.server.php

http://php.net/manual/en/reserved.variables.server.php

When a web browser moves from one website to another and between pages of a website, it can optionally pass the URL it came from. This is called the HTTP_REFERER, So if you don't redirect from one page to another it might be missing

当 Web 浏览器从一个网站移动到另一个网站以及在网站的页面之间移动时，它可以选择传递它来自的 URL。这称为 HTTP_REFERER，因此如果您不从一个页面重定向到另一个页面，它可能会丢失

If the HTTP_REFERER has been set then it will be displayed. If it is not then you won't see anything. If it's not set and you have error reporting set to show notices, you'll see an error like this instead:

如果已设置 HTTP_REFERER，则会显示它。如果不是，那么您将什么也看不到。如果未设置，并且您将错误报告设置为显示通知，您将看到如下错误：

 Notice: Undefined index: HTTP_REFERER in /path/to/filename.php

To prevent this error when notices are on (I always develop with notices on), you can do this:

为了在通知打开时防止出现此错误（我总是在通知打开时进行开发），您可以这样做：

  if(isset($_SERVER['HTTP_REFERER'])) {
      echo $_SERVER['HTTP_REFERER'];
   }

OR

或者

 echo isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

It can be useful to use the HTTP_REFERER variable for logging etc purposes using the $_SERVER['HTTP_REFERER'] superglobal variable. However it is important to know it's not always set so if you program with notices on then you'll need to allow for this in your code

使用 $_SERVER['HTTP_REFERER'] 超全局变量将 HTTP_REFERER 变量用于日志记录等目的可能很有用。然而，重要的是要知道它并不总是被设置，所以如果你使用通知进行编程，那么你需要在你的代码中允许这一点

You can and should never assume that $_SERVER['HTTP_REFERER']will be present.

你可以也不应该假设它$_SERVER['HTTP_REFERER']会出现。

If you control the previous page, you can pass the URL as a parameter "site.com/page2.php?prevUrl=".urlencode("site.com/page1.php").

如果控制上一页，则可以将 URL 作为参数传递"site.com/page2.php?prevUrl=".urlencode("site.com/page1.php")。

If you don't control the page, then there is nothing you can do.

如果您不控制页面，那么您将无能为力。

Referer is not a compulsory header. It may or may not be there or could be modified/fictitious. Rely on it at your own risk. Anyways, you should wrap your call so you do not get an undefined index error:

Referer 不是强制性标头。它可能存在也可能不存在，或者可能被修改/虚构。依赖它，风险自负。无论如何，您应该包装您的电话，这样您就不会收到未定义的索引错误：

$server = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";

SOLUTION

解决方案

As stated by others very well, HTTP_REFERER is set by the local machine of the user, specifically the browser, which means it's not reliable for security. However, this still is entirely the way in which Google Analyticsmonitors where you're getting your visitors from, so, it can actually be useful to check, exclude, include, etc..

正如其他人所说的那样，HTTP_REFERER 是由用户的本地机器设置的，特别是浏览器，这意味着它的安全性不可靠。但是，这仍然是Google Analytics监控访问者来源的完全方式，因此，检查、排除、包含等实际上很有用。

If you think you should see an HTTP_REFERER and do not, add this to your PHP code, preferably at the top:

如果您认为您应该看到 HTTP_REFERER 而没有，请将其添加到您的 PHP 代码中，最好在顶部：

ini_set('session.referer_check', 'TRUE');

A more appropriate long-term solution, of course, is to actually update your php.ini or equivalent file. This is a nice and quick way of verifying, though.

当然，更合适的长期解决方案是实际更新您的 php.ini 或等效文件。不过，这是一种很好且快速的验证方式。

TESTING

测试

Run print($_SERVER['HTTP_REFERER']);on your site, go to google.com, inspect some text, edit it to be <a href="https://example.com">LINK!</a>, apply the change, then click the link. If it works, all is well and running precisely!

print($_SERVER['HTTP_REFERER']);在您的网站上运行，转到 google.com，检查一些文本，将其编辑为<a href="https://example.com">LINK!</a>，应用更改，然后单击链接。如果它有效，一切都很好并且运行准确！

But maybe $_SERVER is wrong, or the test above says it's broken. Update your page with this, and then test again...

但也许 $_SERVER 是错误的，或者上面的测试说它坏了。使用此更新您的页面，然后再次测试...

<script type="text/javascript">
    console.log("REFER!" + document.referrer + "|" + location.referrer + "|");
</script>

USES

用途

I use HTTP REFERER to block spam sites in GoogleAnalytics.Below is a graph focusing on one particular website's referrals. From 0 to 44 in one day, it wasn't caused by real users. It was caused by a botted site trying to get my attention to buy their services. But it just started because php.ini was updated to ignore the referer, which meant these spam, junk garbage sites were not getting their appropriate ERROR 403, "Access Denied."

我使用 HTTP REFERER 来阻止 GoogleAnalytics 中的垃圾邮件站点。下面的图表侧重于一个特定网站的推荐。一天从0​​到44，不是真实用户造成的。这是由一个僵尸网站引起的，试图引起我的注意以购买他们的服务。但它刚刚开始是因为 php.ini 被更新为忽略引用，这意味着这些垃圾邮件、垃圾网站没有得到相应的错误 403，“拒绝访问”。

function redirectHome($theMsg, $url = null, $seconds = 3) {
    if ($url === null) {
        $url  = 'index.php';
        $link = 'Homepage';
    } else {
        if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] !== '') {
            $url = $_SERVER['HTTP_REFERER'];
            $link = 'Previous Page';
        } else {
            $url = 'index.php';
            $link = 'Homepage';
        }
    }
    echo $theMsg;
    echo "<div class='alert alert-info'>You Will Be Redirected to $link After $seconds Seconds.</div>";
    header("refresh:$seconds;url=$url");
    exit();
}