Why do Danbooru server(s) check for HTTP referer? Clients can forge any HTTP header, rendering this check meaningless.
Posted under Bugs & Features
Bouowmx said:
Why do Danbooru server(s) check for HTTP referer? Clients can forge any HTTP header, rendering this check meaningless.
Clients can, but an intermediate site can't force the clients of people using that site to forge it, so someone who wants to (for example) directly inline Danbooru images on their site is prevented from doing so because most of the people viewing their site will send referrers normally. I assume there's some way around even that, but at the very least it stops people from inlining them on forums and blogs where they have less control over how the image is served.
Assuming I understand what you're saying right.
iinitori said:
What are you talking about? As far as I know, Danbooru uses the HTTP referrer only when uploading, to be accurate with automatic source detection.
Judging by https://github.com/r888888888/danbooru/blob/master/script/install/nginx.danbooru.conf, there's hotlink protection for the /data directory, which contains image files.
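For readers unfamiliar with the mechanism discussed in this thread, here is a generic nginx hotlink-protection block, added as an illustration; it is not copied from the linked Danbooru file and not written by any poster above. The host name and root path are placeholders.

```nginx
server {
    listen 80;
    server_name booru.example;      # placeholder host name (assumption)
    root /var/www/booru/public;     # placeholder path (assumption)

    location /data/ {
        # A request is treated as valid when:
        #   none         - it carries no Referer header at all
        #                  (direct visits, privacy tools, many API clients)
        #   blocked      - the Referer is present but was stripped by a proxy
        #                  or firewall (value does not start with http:// or https://)
        #   server_names - the Referer host matches one of this server's names
        valid_referers none blocked server_names;

        # nginx sets $invalid_referer to "1" for every other request, which in
        # practice means a browser loading the image from a page on another
        # site and reporting that page honestly.
        if ($invalid_referer) {
            return 403;
        }
    }
}
```

This matches the trade-off described in the replies: the rule stops third-party pages from inlining images through ordinary browsers, but because the header is client-supplied it is a bandwidth control, not an access control, and anything that must stay private needs real authentication.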