Not able to capture correct referrer using javascript document.referrer

We are trying to capture referrer using javascript code document.referrer. But in some cases we are getting wrong output.

In my case open Google.de and then search for “zalando” and then click on a Paid Search Ad. When I landed on the page it should have actually showed “Google.de” as the referrer but instead it is showing us “zalando.de”. Please find attached screenshot for reference.

Hope this is something related to website. But I am a bit curious to know the following things:

  1. Why document.referrer is not working in my case?
  2. What are the techniques that website owners are following to change the referrer?
  3. Is there a way to get correct referrer using javascript in above case?

Help would be appreciated 🙂

enter image description here

Answer

The problem with Google is, that it is SSL secured (HTTPS).

The referer get’s removed by changing from a secured host to a non-secured host.

Google changed their encryption to default SSL for almost all users (excluding countries where encryption is not allowed like some in Asia, …). This problem also occures in many web statistics and Google searches, google for “encrypted_search_terms in WordPress” – many ppl encounter the problem not beeing able to access the referer – simply because it is removed during HTTP requests.

If a website is accessed from a HTTP Secure (HTTPS) connection and a
link points to anywhere except another secure location, then the
referer field is not sent.

The upcoming standard HTML5 will support the attribute/value rel =
“noreferrer” in order to instruct the user agent not to send a
referer.

Source: http://en.wikipedia.org/wiki/HTTP_referer#References

Update:

Request URL: http://www.zalando.de/mbox-de-home/?wt_ga41=5671686226_28149528346&wt_gk41=Exact_5671686226_zalando&gclid=CKTOt4eZvrkCFUHHtAodDDAAKw

Referer: http://www.google.de/aclk?sa=l&ai=Cpa3Esq4tUvv-G4e9-Qap_YH4AvKmg_ID8tzul2md6c2tKAgAEAFQwa_i7v7_____AWCVspWCpAegAZ67pcQDyAEBqQJzLk9s6Bu2PqoEIk_QWWoJkHHqxkgWDNaWPV1Nuz1wbu1k-cSPx7tybvJDfR6AB8rE2js&sig=AOD64_3X48XkFIMsdt0_6nyr60yxwlqYKQ&ved=0CDEQ0Qw&adurl=http://www.zalando.de/mbox-de-home/%3Fwt_ga41%3D5671686226_28149528346%26wt_gk41%3DExact_5671686226_zalando&rct=j&q=zalando

Actually the referer gets sent and there is no secured connection.

The problem now is, that from the google search to the shop site you have a chain of different pages and requests. You are capturing the referer at the wrong place.

Google Search -> Google Ad Redirect 1 -> Google Ad Redirect 2 … -> Zalando landing page -> zalando website

The referer must be captured on the first request after leaving the google sites. Actually, you capture the referer at the end of that chain.

This is your landing page:

http://www.zalando.de/mbox-de-home/?wt_ga41=5671686226_22217536906&
wt_gk41=Exact_5671686226_zalando&gclid=CL7JlvibvrkCFeXMtAodS3oALw

That’s the point where you have to capture the referer (probably with your server side language, not with Javascript).