top | item 42813296

pcbmaker20 | 1 year ago

I think you can check the HTTP_REFERER header and block the redirect using your back-end code, like PHP or Node or Python. Not sure what tech stack you are using.

sgc|1 year ago

The right play might be to have a custom landing page or header / popup on your site indicating that they were referred by a fraudulent domain, and to please bookmark your proper domain / report if this was via an email link. The traffic might be good, just coming in through a bad actor.

gwbas1c|1 year ago

No, just redirect back to HTTP_REFERER. Why?

The user's browser will display a redirect loop error; and most importantly, they won't see your domain.

It keeps your name out of it and makes the email domain look even more fishy.

colechristensen|1 year ago

You can do the same with a load balancer or reverse proxy like nginx, and I’d generally prefer to do so at that layer.

Ayesh|1 year ago

If I was running the sites the 301 redirects come from, I'd be setting a referrer policy to prevent the browser from sending the referrer header.

kbolino|1 year ago

The referer is the site that sent the user to the redirect, not the redirect itself. You cannot detect 301s from the destination only.