Referrer spam and ghost referrals
Referrer spam injects fake referrer domains to lure operators into visiting a promoted site, while ghost referrals never touch your server at all — they are fabricated hits sent straight into measurement endpoints. Both pollute source reports with traffic that is not real. Recognising the pattern and filtering it keeps your data trustworthy without ever visiting the spam domains.
Spam vs ghost referrals
Referrer spam sets a fake Referer value on real (often automated) requests, hoping you will see the domain in your reports and visit it. Ghost referrals are different: they are fabricated hits sent directly to a measurement endpoint without ever loading your site, so they appear in client-side analytics for pages or domains that were never actually requested.
Server-side measurement is structurally resistant to ghost referrals, because it only records requests your server actually handled. Spam that rides on real requests can still appear and should be filtered.
- Spam: fake Referer on real automated requests
- Ghost: fabricated hits that never touch your site
- Server-side measurement avoids ghost hits by design
Filtering safely
Do not visit a domain that shows up as suspicious referrer spam — that is exactly the behaviour the spammer wants. Instead, exclude known spam domains and obvious bot patterns from your reports, and treat unfamiliar promotional referrers with suspicion until verified.
Keep filters as exclusions rather than letting spam inflate a legitimate-looking source. MDN documents the Referer header, which helps you judge whether a value is plausible.
- Never visit a spam referrer domain out of curiosity
- Exclude known spam domains from reports
- Treat unknown promotional referrers with suspicion
How it appears in analytics and logs
An unfamiliar referrer domain promoting a product, or hits that do not correspond to any real request your server handled, signals referrer spam or a ghost referral. These are noise, not traffic, and should be excluded rather than analysed as a source.
Diagnostic use case
Recognise fake referrer domains and ghost hits in your reports, filter them out, and avoid visiting spam domains that appear in the referrer.
What WebmasterID can help detect
Because WebmasterID records traffic server-side from requests that actually reached your site, it is not exposed to client-side ghost referrals injected directly into a measurement endpoint, and it can surface suspicious referrer domains for exclusion.
Common mistakes
- Visiting a spam referrer domain, which is what the spammer wants.
- Treating fabricated ghost hits as real traffic.
- Letting spam inflate a legitimate-looking referral source.
Privacy and accuracy notes
Referrer spam is fabricated input, not visitor data. WebmasterID processes traffic server-side, which structurally avoids client-side ghost hits, and never treats a spam referrer as a real visitor.
Related pages
- Self-referral and internal referrers
A self-referral happens when your own domain shows up as the referrer for a visit, which usually means a session broke and restarted mid-journey. Common causes include cross-subdomain navigation, redirect chains, and third-party payment or auth hops that return to your site. The fix is to exclude your own domains so internal navigation is not counted as a new source.
- Unknown referrer: causes and handling
Unknown referrer describes the case where a referrer is present but cannot be matched to a known source — it may be malformed, from an obscure domain, or a value the normaliser does not recognise. The honest approach is to bucket it as unknown rather than force-fit it to a familiar channel.
- Bot vs human
Separate fabricated and automated referrer noise from real human visits.
Sources and verification notes
- MDN — Referer headerReferer header semantics; spam sets fake values on this header.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.