What is the most reliable way to hide / spoof the referrer in JavaScript?

Question

Normally, the referrer is traceable through:

• JavaScript\'s document.referrer
• The request headers, e.g. PHP\'s $_SERVER[\'HTTP_REFER

Answer 1

There is a cross browser solution in Javascript that removes the referrer, it uses Iframes created dynamically, you can take a look to a proof of concept ( disclaimer: it uses a little JS library I wrote ).