favicon.ico in referer field in access.log

Asked Dec 19 '22 at 15:42

Active Dec 19 '22 at 15:42

Viewed 63 times

There is this line in my nginx access.log:

54.201.239.190 - - [18/Dec/2022:22:34:56 +0100] "GET / HTTP/1.1" 200 64 
"http://example.com/favicon.ico" "Mozilla/5.0 (X11; Linux x86_64) ..."

Simple question: Can anybody think of a way that a "favicon.ico" can appear in the referer of a legitimate get request???

(the IP is from AWS, so it should be a script. My guess is that this is a test to check if my site responds differently when a referer is set. There are 2 more log entries from AWS IPs right before this one without a referer)

asked Dec 19 '22 at 15:42

archygriswald

In theory that might be the result of an add blocker or privacy extension that generates a self referential Referer header using your own domain rather than outright suppressing the Referer header completely. IIRC normally browser in incognito/anonymous mode reduce the referer to only the domain name rather than using `example.com/favicon.ico` though – diya Dec 19 '22 at 17:23

favicon.ico in referer field in access.log

0 Answers0