How does the traffic counter identify C#: fake referer_javascript technique in WebBrowser

How to use webbrowser to fake referer: webBrowser1.Navigate(url, "_self", null, "Referer:http://www.xxx.com")

During this time, I have been studying how to set the referer source in the webbrowser to forge the source to brush the traffic. However, after half a month of research, it ended in failure because the current statistics code is more practical than cnzz.com. And the statistics that come with Google Adsense, their statistics are all calculated through js files, which results in the failure of forging the source. Let the following article explain why it is unsuccessful!

As we all know, the source of the referer on the server side can be forged. Whether it is ASP, PHP or other scripts, the referer can be forged. Some download software even forges the referer more vividly. The webbrowser control can be used to easily forge the source. . So, as the gatekeeper that protects the website, how does it prevent these fake referers?

Here, the powerful tool Javascript is used.

The methods of forging referers mentioned above are all implemented through server-side scripts, but they cannot deceive the client. JS is executed on the client side and does not pay attention to the header information on the server side. Therefore, the document.referer method of js can be used to accurately determine the true origin of the web page.

Almost all third-party statistics use document.referer to determine the origin. Why? It is precisely based on the origin of the referer under js that it cannot be forged. Even if the referer web script is successfully forged on the server side, it will not be counted in third-party statistics. The reason is precisely because these third-party statistics use document.referer to determine the true source.

Therefore, in order to combat false referer forged information, the statistical code needs to use js’s document.referer to identify, so that the forged information can be kept out.

As far as we know, so far, it is impossible to forge referer in js.

Then someone asked, if the client turns off JAVASCRIPT scripts or even cookies, how can you judge the referer? In fact, the answer is very simple, that is, the intermediate bridge between js and asp/php scripts is to operate cookies. In js, the referer is written into cookies, and asp/php reads this cookie. If the cookie cannot be read, then It is judged that it is not from this site.