The HTTP referer is an optional HTTP header field that identifies the address of the webpage which is linked to the resource being requested. By checking the referrer, the new webpage can see where the request originated.
When visiting a web page, the referrer or referring page is the URL of the previous webpage from which a link was followed.
HTTP Referer Enforcement can be in MEETS to ensure that users access MEETS from a specific URL. Consequently, even if a MEETS link is shared with external users, these users will not be able to access MEETS from outside your the organization's platform or resource.
Please note that matching against an HTTP Referer is not perfect. Savvy users will be able to use various tools to forge a referer and bypass any security this feature offers, if they know what to target. Some browsers or security tools may also strip the HTTP Referer header, thereby preventing users of them from accessing a context protected in this fashion. Some browsers or sites are also set up to limit the information passed via an HTTP Referer header so only domain matching will work. However, if you can edit your own HTML, it is possible to override this by using a referrer policy parameter like the following:
<a href="http://example.com/" referrerpolicy="no-referrer-when-downgrade">
If you use matching which includes the path or query parameters, please note that you will need to update your links when you reorganize your site or if your web service restructures its path or query parameters.
To use HTTP Referer Enforcement with MEETS, please view https://cirqlive.freshdesk.com/support/solutions/articles/8000089103-overview.
For more information regarding HTTPS referers, please view: