I know I visited the applications of $_SERVER['REQUEST_URI'] in a previous post, but I have decided to go through them in a bit more depth.

I used to use Norton Internet Security (2006), and it is one of the evil examples of security software that “breaks” the traditional xhtml validation link by blocking the referrer header from the browser. For example, when a user using Norton clicks a link like this, ‘http://validator.w3.org/check?uri=referer’ , they will receive the dreaded “No Referrer header found!” (below).

So, with that in mind, I don’t use the referrer method to validate the pages of my blog; instead I use the code:

<a href="http://validator.w3.org/check?uri=http://alanedwardes.com<?php echo $_SERVER['REQUEST_URI']; ?>”>Validate Page</a>

This above code is all very well - but when you’re making a public theme, (for WordPress say), you would logically use the WordPress site URL - E.g.

<a href="http://validator.w3.org/check?uri=http://<?php echo get_settings('home'); echo $_SERVER['HTTP_HOST']; echo $_SERVER['REQUEST_URI']; ?>”>Validate Page</a>

But, this method also creates a problem. If the user’s blog is stored on example.com/blog, the above would print http://example.com/blog/blog/current-page. To solve the problem, you can use $_SERVER['HTTP_HOST']; function of PHP instead of the wordpress “get_settings(’home’)” function to print the exact root of the domain. Example:

<a href="http://validator.w3.org/check?uri=http://<?php echo $_SERVER['HTTP_HOST']; echo $_SERVER['REQUEST_URI']; ?>” title=”This page validates as XHTML 1.0 transitional”>Validate</a>

This way the validate link is compatible with all security software - because it does not rely on the referrer to work.