Let say, my website is and i am using cURL to pull

I am using cURL HTTP Header to spoof referer value like this

curl_setopt($ch, CURLOPT_HTTPHEADER, ['Referer: /']

(or)

curl_setopt($ch, CURLOPT_REFERER, ";);

So, now for stackoverflow it look like traffic coming from Google instead of my website example ?

Let say, my website is https://www.example and i am using cURL to pull https://stackoverflow

I am using cURL HTTP Header to spoof referer value like this

curl_setopt($ch, CURLOPT_HTTPHEADER, ['Referer: https://www.google/']

(or)

curl_setopt($ch, CURLOPT_REFERER, "http://www.google");

So, now for stackoverflow it look like traffic coming from Google instead of my website example ?

• php
• curl
• http-headers
• php-curl
• http-referer

Share Improve this question Follow asked Mar 22 at 11:07 Stellan CoderStellan Coder 33122 silver badges1616 bronze badges 6

• All HTTP headers can be set arbitrarily by the client, so, yes, the referer can be spoofed. – Olivier Commented Mar 22 at 11:26
• So stackoverflow will see only Google . it can't see my website? – Stellan Coder Commented Mar 22 at 12:08
• 1 It will see your server's IP address as the client. – Barmar Commented Mar 22 at 13:50
• The referer is not where the traffic is coming from. When you follow a link, it's the URL of the page containing the link, but the traffic comes from your PC's IP. – Barmar Commented Mar 22 at 13:51
• @Barmar No, if i am fetching through cURL, it will see my web server public IP not my ISP IP Address. but the question is not about which IP, they see. it about what referrer they see. – Stellan Coder Commented Mar 24 at 3:30

 |  Show 1 more comment

1 Answer 1

Sorted by: Reset to default 0

Yes. This is exactly why CURLOPT_REFERER exist: to customize the referer header. See

hans@LAPTOP-O1AO16UE:~$ cat wut.php 
<?php

$ch = curl_init();
curl_setopt_array($ch,array(
CURLOPT_URL=>'http://example',
CURLOPT_REFERER=>'http://google/',
CURLOPT_VERBOSE=>1
));
curl_exec($ch);
hans@LAPTOP-O1AO16UE:~$ php wut.php 
* Host example:80 was resolved.
* IPv6: 2600:1406:bc00:53::b81e:94ce, 2600:1406:bc00:53::b81e:94c8, 2600:1406:3a00:21::173e:2e66, 2600:1406:3a00:21::173e:2e65, 2600:1408:ec00:36::1736:7f24, 2600:1408:ec00:36::1736:7f31
* IPv4: 23.192.228.84, 96.7.128.198, 23.215.0.138, 23.215.0.136, 23.192.228.80, 96.7.128.175
*   Trying 23.192.228.84:80...
* Connected to example (23.192.228.84) port 80
> GET / HTTP/1.1
Host: example
Accept: */*
Referer: http://google/

< HTTP/1.1 200 OK
< Content-Type: text/html
(...)

The keyword here is Referer: http://google/