No referrer header on leacher's site !!

shahzaib mushtaq shahzaib.cb at
Tue Apr 4 11:24:48 UTC 2017


We came across a website who is playing our video links remotely. Since
we've hotlinking protection enabled based on referrer headers so i checked
the request header by playing that video & found out that *referrer header
was missing* in the browser's requests header tab.

Then to generate same issue on our end, i statically added the video link
in player on different domain & tried to play that video remotely which was
successfully forbidden & browser *had referrer header *as well.

Please have a note that he didn't embedded the video from our website, he's
putting direct mp4 links & they are being played without any referrer
header in the requests.

Thanks for your help in advance !!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list