is $_SERVER['HTTP_REFERER'] safe?

滥情空心 2020-12-03 21:19

I'm using $_SERVER['HTTP_REFERER'] to generate a dynamic back link.

">Return to..blah

3 answers
  •  甜味超标
    2020-12-03 22:03

    It's not. It might not be set, unwanted or even unsafe.

    Consider the following:

    1. User types in your URL and hits go. There will not be a referrer. Not only will your back-button not work, you'll receive a notice error as well.
    2. The visitor comes from an external source (let's say Google) on your product page. Do you want to send your visitor back to Google? I don't think so.
    3. The header can be modified, I'd go for either double checking it, or not using it at all.
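
The three points in the answer above, handled in one helper. This is an added example, not code from the original question or answer; the function name `safe_back_url`, the host `shop.example` and the fallback `/products` are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example. $ownHost and $fallback are values the application hard-codes
// (assumed here); nothing is taken on trust from the request.
function safe_back_url(array $server, string $ownHost, string $fallback = '/'): string
{
    // Point 1: the header may be absent; ?? avoids the undefined-index notice.
    $referer = $server['HTTP_REFERER'] ?? '';
    if (!is_string($referer) || $referer === '') {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    // Point 3: the value is client-controlled, so allow only http(s) URLs.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    // Point 2: only link back to pages on our own host.
    if (strtolower($parts['host']) !== strtolower($ownHost)) {
        return $fallback;
    }
    // Rebuild a site-relative URL from path and query only. Leading slashes and
    // backslashes are collapsed so the result cannot become "//other-host/...".
    $url = '/' . ltrim($parts['path'] ?? '', '/\\');
    if (isset($parts['query'])) {
        $url .= '?' . $parts['query'];
    }
    return $url;
}

// Constructed sample requests (not from the original post).
$samples = [
    [],                                                              // header missing
    ['HTTP_REFERER' => 'https://www.google.com/search?q=shoes'],     // external site
    ['HTTP_REFERER' => 'javascript:alert(1)'],                       // not http(s)
    ['HTTP_REFERER' => 'https://shop.example/list?cat=1"><script>'], // markup in query
];
foreach ($samples as $server) {
    $href = safe_back_url($server, 'shop.example', '/products');
    // Escape at output: the query string is still attacker-influenced text.
    echo '<a href="', htmlspecialchars($href, ENT_QUOTES, 'UTF-8'), '">Return</a>', "\n";
}
```

The host comparison uses a hard-coded value rather than `$_SERVER['HTTP_HOST']`, because that header is supplied by the client as well.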
