The anti-CSRF features of various web pages depend on the value of the HTTP Referer header. Sometimes this takes the form of loose Referer checking:
if the Referer is from a third-party site, request processing is blocked. However, loose Referer checking allows requests with no Referer header at all.
There are various ways to make a request lose the Referer header - the most common is simply doing a 30x redirect, either through the attacker's site or through a third-party
URL shortening service like goo.gl. I've tried to find ways to do it client-side only, in JavaScript. Here are the results.
More info: Stripping Referrer for fun and profit
Standard link: normal
Ideas welcome! Mail me at kkotowicz (it's a gmail account) or reach me on Twitter (@kkotowicz)
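
The loose Referer check described above, next to a strict variant that rejects requests carrying no usable Origin or Referer. This is an added example, not code from the original page; the host `bank.example`, the function names and the sample requests are all constructed for illustration.

```javascript
// Added example: names, hosts and header values below are constructed.
const TRUSTED_HOST = "bank.example"; // hypothetical site being protected

// Returns the host of a header URL, or null if absent or unparseable.
function headerHost(value) {
  if (!value) return null;
  try {
    return new URL(value).host;
  } catch (e) {
    return null;
  }
}

// Loose check, as described on the page: block only when a Referer is
// present and points to a third-party site. A missing header passes.
function looseRefererCheck(headers) {
  const referer = headers["referer"];
  if (!referer) return true; // the gap: no Referer means "allowed"
  return headerHost(referer) === TRUSTED_HOST;
}

// Strict check: a state-changing request must prove a same-site source.
// Prefer Origin when present, fall back to Referer, and reject when
// neither is present or parseable.
function strictOriginCheck(headers) {
  const source = headers["origin"] || headers["referer"];
  const host = headerHost(source);
  return host !== null && host === TRUSTED_HOST;
}

// Constructed sample requests (header names lower-cased, as in Node's http).
const samples = [
  { name: "same-site form", headers: { referer: "https://bank.example/transfer" } },
  { name: "third-party page", headers: { referer: "https://evil.example/page" } },
  { name: "referer stripped", headers: {} },
  { name: "lookalike host", headers: { referer: "https://bank.example.evil.example/" } },
  { name: "opaque origin", headers: { origin: "null" } },
];

// Runs both checks over every sample so the difference is visible per row.
function evaluate() {
  return samples.map((s) => ({
    name: s.name,
    loose: looseRefererCheck(s.headers),
    strict: strictOriginCheck(s.headers),
  }));
}

console.table(evaluate());
```

The strict variant also rejects legitimate clients whose browser or proxy suppresses the Referer header, which is why header checks are usually paired with a per-session anti-CSRF token rather than used alone.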