单击Gmail中的链接是否会发送引荐来源标头？ [英] Does clicking a link in Gmail send a referer header?

问题描述

这主要是出于隐私方面的考虑。如果我在Gmail（或任何其他电子邮件提供商）上打开了一封电子邮件，其中包含指向网站的链接，而最后我单击该链接，那么Gmail是否会发送引荐来源标头？ （即，目标网站会知道我来自Gmail吗？他们是否会知道我单击链接时使用的电子邮件地址？）

This is mainly for privacy concerns. If I open up an email on Gmail (or any other email provider) containing a link to a website and I end up clicking on the link, does Gmail send out a referer header? (ie. Will the destination website know that I came from Gmail? And would they know the email address that I was using when I clicked on the link?)

最后，如果这样做，有什么办法禁用它吗？

Lastly, if they do, is there any way to disable it?

推荐答案

否，如果您使用gmail的网络界面引荐来源标头，则不会设置，但目的地仍可能猜出您来自gmail。

No, if you use gmail's web interface referrer header won't be set, but destination may still guess that you came from gmail.

点击 http://example.com/something会发生以下情况gmail中的链接：
的实际目的地更改为GET https://www.google.com/url?hl=zh-CN&GB==http:/ /example.com/something&source=gmail&ust=TIMESTAMP&usg=HASH 。
对此HTTP GET的回复google.com以302已移动 = nofollow>位置标头以重定向到实际链接：位置：http://example.com/something 。在处理此回复时， chrome 将请求以下内容：

Here's what happens when you click http://example.com/something link in gmail: actual destination is changed to GET https://www.google.com/url?hl=en-GB&q=http://example.com/something&source=gmail&ust=TIMESTAMP&usg=HASH. In reply to this HTTP GET google.com replies 302 Moved with Location header to redirect to actual link: Location: http://example.com/something. When processing this reply chrome will request something like this:

GET /something HTTP/1.1
Host: example.com
... regular headers ...
X-Client-Data: %HASH%

如果通过在地址栏中键入URL发出请求，则该请求将是相同的，只是不会有 X-Client-Data 标头。 X-Client-Data 标头似乎是由Chrome在访问Google服务器时设置的，并且在使用非Chrome浏览器时似乎没有设置此类标头。如果您以隐身/私人模式打开浏览器，然后单击gmail中的链接，则未设置 X-Client-Data 标头，并且在服务器端，好像您键入了直接在您的地址栏中输入网址。

If you make that request by typing the URL in address bar the request will be identical except there won't be that X-Client-Data header. It seems that this X-Client-Data header is set by Chrome while accessing Google servers and it seems that no such header is set when using non-chrome browsers. If you open your browser in incognito/private mode and click that link in gmail then X-Client-Data header isn't set and on server side it looks as if you typed the URL in your address bar directly.

这篇关于单击Gmail中的链接是否会发送引荐来源标头？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！