惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

L
LINUX DO - 最新话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
PCI Perspectives
PCI Perspectives
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
H
Heimdal Security Blog
S
Security @ Cisco Blogs
N
News | PayPal Newsroom
J
Java Code Geeks
罗磊的独立博客
Security Archives - TechRepublic
Security Archives - TechRepublic
N
News and Events Feed by Topic
V
V2EX
WordPress大学
WordPress大学
Google Online Security Blog
Google Online Security Blog
N
News and Events Feed by Topic
www.infosecurity-magazine.com
www.infosecurity-magazine.com
月光博客
月光博客
AI
AI
小众软件
小众软件
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
A
Arctic Wolf
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
美团技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tailwind CSS Blog
S
Schneier on Security
博客园 - 三生石上(FineUI控件)
F
Full Disclosure
B
Blog RSS Feed
Forbes - Security
Forbes - Security
S
SegmentFault 最新的问题
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
云风的 BLOG
云风的 BLOG
Jina AI
Jina AI
Cisco Talos Blog
Cisco Talos Blog
U
Unit 42
Project Zero
Project Zero
H
Hacker News: Front Page
Y
Y Combinator Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The Cloudflare Blog
大猫的无限游戏
大猫的无限游戏
S
Secure Thoughts
The Hacker News
The Hacker News
Microsoft Azure Blog
Microsoft Azure Blog

Posts on Noah Bailey

How to turn anything into a router Deploy to Cloudfront from GitHub using OpenID Connect Backup Postgres databases with Kubernetes CronJobs Restarting Kubernetes pods using a CronJob You've just bought a new domain. Now what? Who Sawed My Motherboard??? Linux on the P8 Aliexpress Mini Laptop Recovering Mysql/Mariadb after a nasty crash Using EXIF data to pick my next lens Converting and developing RAW photos on Linux automatically Thank you, 2016 iPhone Don't Make It Work Self-hosted Surveillance with ZoneMinder Backups, Monitoring, and Security for small Mastodon servers Block web scanners with ipset & iptables Executing commands over SSH with GitHub Actions Debian Sid on encrypted ZFS Protect your dangerously insecure redis server Debian: the luxurious boring lifestyle Monitor radiation with a Raspberry Pi Simple Linux server alerts: Know your performance, errors, security, syslog, and security NUC crashes on debian 11 - How I fixed it Basic Linux server security with fail2ban, ossec, and firewall Windows 11 will create heaps of needless trash Domesticated Kubernetes Networking The Cursed Certificate Our mostly disposable and entirely stupid world Trying out OpenBSD (as a Linux geek) Making VoIP Calls with Antique Rotary Phones Monitoring WAN speed with speedtest-cli and ElasticSearch Monitoring WAN latency with InfluxDB The Zeroshell botnet returns Installing Gentoo on a vintage Thinkpad T60 Malware emails 2: Russian boogaloo TP-Link Device Weirdness ElasticSearch broke all my nice things (a story of cascading failure) A New Botnet is Targeting Network Infrastructure Malware on the Wire: Monitoring Network Traffic with Suricata and ClamAV Cloud Threat Protection with OSSEC and Suricata Malware Emails From Jerks Surviving the Apocalypse with an Offline Wikipedia Server Being Attacked by Bots Linux Router, Firewall and IDS Appliance You Probably Don't Need a VPN Fix an Oversharded Elasticsearch Cluster Automating KVM Virtualization Update all your linux servers as fast as possible Cleanup Systemd Journald Storage Stop Putting Your SSH Keys on Github! Clustering KVM with Ceph Storage Stealing Windows Sessions FreeRadius Active Directory Integration Retrieving WPA2 Keys on Windows Deploy MDT Litetouch on Linux with TFTPD and Syslinux Generating MSI transform files with Orca The Inflatable Dinghy Generating Cisco IOS config files with Python Homebrew SAN Getting Cloudy
The spelling error made 200 billion times a day
2025-11-28 · via Posts on Noah Bailey

Like anybody, I’ve made my fair share of spelling mistakes in my life. It was never something I had a particular talent in, having never gotten a spelling bee medal myself. Red underlines have always been a simple fact of life for me.

But fortunately, I’ve never made a spelling mistake so consequential that it’s been broadcast at least 200 billion times every day!

This is the story of the referer HTTP header, a part of every single web request, and why it’s spelled incorrectly. It’s fine, harmless, invisible, and incorrect.

What exactly is the problem?

I first noticed this several years ago while I was setting up a log aggregation system. At that time, it was Graylog, and the default log parser used ‘referer’ to create the fields in the time-series database where data extracted from server logs was stored.

Then, I tried to “get fancy” and include a custom field from our proxy logs. This required writing a brand new log parser, and extracting everything to the same field names so that dashboards and reports would continue to work. When this custom parser was being written, my text editor helpfully suggested I fix the misspelling by substituting it with referrer instead. Then all hell broke loose.

I’m sure this has happened before, perhaps hundreds or thousands of times to other inexperienced tech workers, even ones proficient in the English language. And despite my own weak grasp on my own native language, it still bothers me just a little when I have to parse an HTTP request or look through a web server log.

How did this happen?

The root of this issue is deep. In fact, the very protocol specification for HTTP itself contains this error.

The referer field, quite simply, is the location that you arrived from. It’s not strictly required, but is a helpful way for a server to know how a request found the page it’s trying to load. For analytics purposes it is also quite handy. Without much effort, one can parse a server log and get a good idea where the bulk of their inbound traffic sources. There are also some famous examples of sites giving bogus information to visitors that came from certain undesirable sources.

The really strange thing is that the spelling mistake was actually caught in an email sent in March of 1995, when the final version of the specification was published over a year later in May of 1996!

> Has anyone else noticed that the HTTP header "Referer:" is spelled wrong?

That's okay, neither one (referer or referrer) is understood by "spell"
anyway.  I say we should just blame it on France.  ;-)

It is true that spellchecking software was much more primitive 30 years ago, and it’s therefore possible it wasn’t able to correctly identify this. However, I don’t know if I buy that, because it’s a relatively common word in the English language. Not common enough to be in a Thing Explainer book, but it’s not uncommon.

It’s likely it was simply a translation issue, as alluded to in the email. In French the word is “référer”, and with ASCII encoding not supporting accents I could understand the mixup. Until Unicode was popularized, it was common for languages with accents to have problems.

In a Usenet post made September 2000, one of the co-authors Phillip Hallam-Baker remarked:

Its like when I did the referer field. I got nothing but grief for my choice
of spelling. I am now attempting to get the spelling corrected in the [Oxford English Dictionary]
since my spelling is used several billion times a minute more than theirs.

Regardless of the explanation, it’s surely here to stay.

Correctness: Less important than consistency

The problem is that if we were to try and fix this, it would probably take another 30 years or more.

For this to happen every single HTTP library, which there are several thousands, would have to be updated universally.

Every PC, laptop, cell phone, and smart dog collar would need firmware updates. Every industrial Programmable Logic Controller with a 30 year service lifecycle would have to be taken out of service and reprogrammed. Every aircraft and vehicle that utilizes a Linux operating system, including the ones on other planets, would need full compliance with the new protocol. Not to mention the havoc this would unleash on log parsing servers like what I blew up back then!

For full backwards compatibility, which we should always strive for, it would be prudent to support both during the transition period. In that case, requests would have to look like this, at least for a few decades:

POST / HTTP/1.1
Host: example.com
Content-Type: text/html
Content-Length: 123
...
Referer https://nbailey.ca
Referrer https://nbailey.ca

And you can’t argue that it’s better like this, can you!?

The real crux of it is that consistency is much more important than correctness on its own. Whether or not it creates a red squiggle in Word is sort of irrelevant, what matters is its acceptance among other systems that interoperate using this protocol.

Ultimately, “correctness” is decided by consensus rather than by authority. Whether we like it or not, referer is here to stay.