Posted by e_matthes on 06/01/07 14:25

Hello,

I keep reading that $_SERVER['HTTP_REFERER'] can easily be faked. Is
that true of all server variables, or just some of them? In
particular, I'm wondering if server_port can be faked.

I'm interested right now because I want to detect whether the current
page request is using http or https. I realize there are other ways
to ensure the correct delivery of pages over https using directory
management and htaccess, but I also want to understand the server
variables better.

• Next in forum: Re: re Prevent loading of php pages
• Prev in forum: Re: header()
• Thread view: Faked $_SERVER variables

[Reply to this message]