I understand you have a page who’s URL you do not want to show up in any logs or other people’s webpages, correct? The URL showing up in a referrer field will only be an issue if this hidden page has outgoing links to other websites. In such a case, simply build the outgoing links the way you want to begin with. There is no need to redirect to hide referrer information.
The other issue is preventing robots from finding the page and indexing. There are norobots declarations, but some spiders rudely ignore them. This is where a redirect may be useful, for inbound links. But this aspect has nothing to do with referrer fields. The referrer field is an issue for outgoing links only.
You could also use some Javascript to handle external URLs the way you want it. Needless to say that this only works if JS is enabled in you team mates’ browser.
This would have to go somewhere before the closing </body> tag (most likely in the footer.php of your theme)
<script type="text/javascript">var a=document.getElementsByTagName("a"),b=a.length,c=RegExp("^(https?:)?//(?!"+location.host+")"),d=0;if(0<b)for(d=0;d<b;d++)!0===c.test(a[d].href)&&(a[d].href="http://www.no-referer.de/"+encodeURIComponent(a[d].href));</script>
@bcworkz
In such a case, simply build the outgoing links the way you want to begin with. There is no need to redirect to hide referrer information.
Do you mean I should type the link like this: http://www.no-referer.de/https://google.com instead of: https://google.com
The point is that I don’t want to tell all my team members (they also have their own pages) to type in http://www.no-referer.de/ in front of all the links because they could either simply forget it or think of it of too complicated.
No, this is only necessary for any outgoing links on your secret page. This is the only situation where your secret URL would appear as a referrer. When anyone types an URL into their browser address bar, the referer field for that request is empty. In any case, the referer field value would end up in your server logs and nowhere else. As long as you are not publishing your logs, the referer information is safe.
As long as your secret URL is typed into a browser or picked from a local bookmark, the only record of the request will be on your server and the user’s local browser history. There is no reason any entity besides the two mentioned should have any knowledge of the exchange. But then when you introduce the possibility of spyware installed on user browsers, things get more complicated.
The only other way your secret URL would get out into the wild would be if you or someone else were to publish a link on a open webpage somewhere. If any search spiders come across such a link, they will try to follow it and try to extract useful information from your secret page. There are several ways to minimize this risk, but something like a password wall is the only sure way.
@bcworkz But doesn’t my URL show up on the log of the linked page too? So lets say I have the domain example.com and I link to domain.com when domain.com has a tracker and the Webmaster of domain.com looks at the log, wouldn’t he see the page where the user entered the site from?
Yes, that is what I mean by outgoing link. If you control example.com, you can format your links on your page to domain.com to route through noreferer.de. When someone clicks on such a link, the noreferer.de site will do it’s thing and protect your page’s URL. If someone were to be on your secret example.com page and manually type an address to domain.com in their browser’s address bar, the referer field is empty, the domain.com admin will have no idea what page the user was on.
For the sake of discussion, you could also route your links through a forwarding page that either sends a Forward header or outputs a page with a meta refresh tag. In such a case, (I believe) the referer field will have the URL of the forwarding page and not that of the original page. Thus the secret URL is protected, but it’s still clear which domain the link came from. I’ve not actually verified the referer field in such cases, this must be done before implementing such a scheme.
I suspect this latter scheme is what you had in mind. If you only wish to protect a particular page URL, this will work without the use of noreferer.de. If you wish to protect your entire domain, you do need noreferer.de, which can be done directly from the link HTML, there is not a need for forwarding or refresh schemes. While you could do both, there really is little point.
