In HTTP networking, typically on the World Wide Web, referer spoofing (based on a canonised[1] misspelling of "referrer") sends incorrect referer information in an HTTP request in order to prevent a website from obtaining accurate data on the identity of the web page previously visited by the user.
HTTP referer information is freely alterable and interceptable, and is not a password, though some poorly configured systems treat it as such.
If attackers acquire knowledge of these approved referrers, which is often trivial because many sites follow a common template,[3] they can use that information combined with this to exploit and gain access to the materials.
Some are extensions to popular browsers such as Mozilla Firefox or Internet Explorer, which may provide facilities to customise and manage referrer URLs for each website the user visits.
Other tools include proxy servers, to which an individual configures their browser to send all HTTP requests.