Not at all related to the article, but I think this is the first time I have seen a page modify its contents based on the referrer site. If you click the link (and your browser uses the "Referer" header), it will have a blurb at the top welcoming hacker news readers. If you copy the URL manually, it does not.
If you remove the -H "Referer: ..." part, it will no longer contain the word "hacker".
Honestly, I am a little surprised that Firefox is sending the "Referer" header. It feels like a relic from the days when we (mostly) weren't concerned with being tracked. I suppose that it must have practical uses that would break without it.
Browsers have clamped down on that somewhat by enforcing stricter referrer policies by default if the originating server doesn't specify one. It used to be a total free for all where everyone could always see the full referring URL, then it was changed to completely blank the referrer on secure-to-insecure transitions, then it was changed again to also blank the path on cross-origin transitions so only the referring origin is revealed.
It is used for tracking, that's the whole point of the header. "Who's sending me all of this traffic" is a useful, non-invasive thing for websites to have access to. You can use rel="noreferrer" on a link to disable the header on a specific link, as well as the `Referrer-Policy` header and `<meta name="referrer" />` to have some additional control (the 'origin-when-cross-origin' value can be useful in some cases, so destination sites can attribute what origin traffic came from, but not the specific page, while still being able to track it on your own origin - I think this is actually the default behavior in browsers these days).
Yeah, I do something similar with my blog (except via JavaScript). The motivation is similar to Cendyne's.
(Because it's exhausting to have to explain for the 1000th time that I'm not going to make my blog non-furry just because some rando hates furries and thinks being a part of a nerd community is pornographic.)
I think the Referer header kinda-sorta serves as mitigation for 3rd parties just (maliciously) hot-linking to, say, images on your domain, effectively forcing you to bear the cost of upload bandwidth for those images.
(And similar, it's just that images sprang to mind.)
You can also see this using curl:
If you remove the -H "Referer: ..." part, it will no longer contain the word "hacker".Honestly, I am a little surprised that Firefox is sending the "Referer" header. It feels like a relic from the days when we (mostly) weren't concerned with being tracked. I suppose that it must have practical uses that would break without it.
EG https://html-eslint.org/docs/rules/no-target-blank/
(Because it's exhausting to have to explain for the 1000th time that I'm not going to make my blog non-furry just because some rando hates furries and thinks being a part of a nerd community is pornographic.)
(And similar, it's just that images sprang to mind.)