How to mask referral URLs in address bar

Question

Let's say I have a referral URL http://www.example.com/r?ref=86745348 and I want to completely hide the r?ref=86745348 part of the URL from my visitors.

I've tried this approach:

<?php
header("Location: http://www.example.com/r?ref=86745348");
exit;
?>

and I've tried url shortners like TinyURL.

All my attempts hide the URL in the hyperlink, but do not hide the URL in the address bar in the user's browser.

No matter what I do, once the user lands on the referral page, they can see the referral link, delete it, and cheat me out of my referral.

So my question is, how can I hide the referral link from the address bar?

So how can you change what a third-party does with its URLs? Good luck with that. — Popnoodles, Jan 13 '13 at 18:03
You might find any decent referral-based site will keep the referrer id in session so that it doesn't matter if the user deletes it from the URL — Popnoodles, Jan 13 '13 at 18:05
An example would be Facebook. The referral links are not kept in session and are entirely dependent on the GET method. — Sweepster, Jan 14 '13 at 00:08
@Jonathan Can you clarify what referral system at Facebook you're talking about? Not disbelieving you, just intrigued what you're referring to (no pun intended). — IMSoP, Jan 14 '13 at 00:53
@Jonathan That is not Facebook implementing the referral scheme though, it is whoever is being linked to. — IMSoP, Jan 14 '13 at 09:03

score 6 · Answer 1 · answered Jan 13 '13 at 18:03

6

You can't.

If your business plan depends on tricking users into not realizing that you are taking a referral fee, you need to step back and reevaluate what you're doing.

answered Jan 13 '13 at 18:03

1) Not a business. 2) The point isn't to trick people. The point is to stop those who would steal my referral from me by deleting the referral ID from a URL. This is about retaining that which is rightfully mine vs free advertising for someone else. – Sweepster Jan 14 '13 at 00:10
Who are "those who would steal your referral"? Let me restate: If you are concerned that the users you are referring to another service would prefer to not be marked as referred by you, you are doing something that is strange, and probably wrong. – Jan 14 '13 at 00:32
The simplest example would be a game, where you get points by referring people. The referral is sent by a GET method by the game. The user can delete this part of the url in his address bar, reload the page and then "enter" at which point the user enjoys the game and I lose out on the bonus points. This is to the user's advantage as it gives him that much of an advantage vs the person who referred him. – Sweepster Jan 14 '13 at 03:04
1

That seems like a significant design flaw in the game. Most sites I've seen with referral programs (both games and commercial services) reward both the referred and referring users; **punishing** the referred user is simply backwards. – Jan 14 '13 at 04:15

score 1 · Accepted Answer · answered Jan 13 '13 at 19:04

1

I agree with @duskwuff. This is wrong... But just for the knowledge scope. This will work. Create a HTML page with the following code and send users to this page.

<iframe src="http://www.example.com" width="100%" height="1024"></iframe>

IDEA: To load a Page A inside Page B using a full page iframe to hide url of Page A

answered Jan 13 '13 at 19:04

Debajyoti Das

2,038
4
34
66

Ugly, but technically doable (although I'm not sure that particular `height` attribute's a good idea). Note that the 3rd party site may have code to break out of such iframes, and/or not operate as expected when displayed in this way. – IMSoP Jan 14 '13 at 00:45
1

Also, note that your posited dishonest visitor needs only a bit of technical knowledge to spot that they are being corralled in this way and discover the true URL of the page by viewing the HTML source. – IMSoP Jan 14 '13 at 00:49

score 0 · Answer 3 · edited May 23 '17 at 12:32

Well the first question has to be - who exactly is monitoring these parameters that are acting as refferals? I assume it's not your server and script that are parsing the $_GET['ref'] parameter no?

Perhaps if the server "counting" the referals actually uses the $_REQUEST parameter as opposed to plain "in-sight" $_GET ones, then you might be able to use $_POST hence "hiding" the parameters from the users.

A quick search on the new and improved search yeilded this helpful answer dealing with redirections with $_POST data.

score 0 · Answer 4 · answered Jan 13 '13 at 18:11

0

The logic you are trying to achieve can only be achieved on the receiving end of the hyperlink - you cannot trick a browser into visiting one URL but telling the user they're on another, as that would be a massive security risk.

If the service you are linking to has implemented referral tracking in a sensible way, a cookie will be planted as soon as the user lands on their site, so that removing the query string would have no effect on how the referral is tracked. The target site could even tidy up the URL themselves, redirecting users to a version with no query string, but again, this is something only they can achieve.

If the target site is implemented in such a way that removing the query string is enough to rob you of your referral fee, it is them that is robbing you, not the users.

answered Jan 13 '13 at 18:11

IMSoP

89,526
13
117
169

I don't buy the argument that it is poor programming by the third party that robs me of my referral which is deliberately removed by the user himself. It certainly doesn't help, but 99% of referrals seem only to use the GET method vs POST. – Sweepster Jan 14 '13 at 00:12
@Jonathan I didn't mention POST; most referrals will store it into a cookie or session as soon as the user arrives. Otherwise, the application would have to copy the referral parameter onto every internal link and form while the customer was choosing products or completing a booking process. – IMSoP Jan 14 '13 at 00:34
I know you didn't mention POST. I'm simply stating my observation that most sites don't go about the cookie method if they can avoid it because many users don't accept cookies anymore to begin with. Hence the preference for the GET/POST. – Sweepster Jan 14 '13 at 03:06
@Jonathan Very few shopping or game sites will work at all with cookies disabled, as that is the only way for them to maintain normal state, such as the contents of your shopping cart or your status as a logged in user. (There is an alternative, which is appending a session ID to every internal URL, but it is significantly harder to implement than a message saying "sorry, you need to accept cookies".) – IMSoP Jan 14 '13 at 09:08

score 0 · Answer 5 · answered Oct 29 '15 at 06:33

One way we can do this is by using the Broswer history setting. Following is the code snippet that helped me in my solution

<script>
        $(document).ready(function () {
            //Masking the Url
            var loc = window.location;
            var pathName = loc.pathname.substring(0, loc.pathname.lastIndexOf('/') + 1);
            var absolutepath = loc.href.substring(0, loc.href.length - ((loc.pathname + loc.search + loc.hash).length - pathName.length));
            window.history.pushState("Object Or String", "Title", absolutepath);
        });
   </script>

score 0 · Answer 6 · edited Feb 04 '19 at 17:55

0

Just copy and paste this code in your .htaccess file:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

Very simple

edited Feb 04 '19 at 17:55

Blue

22,608
7
62
92

answered Apr 14 '17 at 07:06

Rajesh

1
4

How to mask referral URLs in address bar

6 Answers6