How does a web server know what linked to it?

I use photobucket to post images to 开发者_高级运维various user forums. The forums I post to allow the embedding of a direct link to the image.

One of the services photobucket provides is a view history which includes not only number of hits but also information on which sites viewed the page. I can't figure out how they do that -- can anyone fill me in on the details?

I would like to add that ability to my own server, but isn't this a security hole in the HTTP protocol of sorts?

It knows what linked to it by the HTTP referrer. Any server side scripting language will have its own way of retrieving this information.

When you request an image from that web service (lets say it's a PHP page), the image is served, but first PHP takes a look at the $_SERVER['HTTP_REFERER'] variable to see what URL the request is coming from

It's usually information pulled from the HTTP_Referrer. It can be removed/changed so it's not a foolproof thing for security but the very basic usage is to compare this and check where it came from. When you embed an image/object from elsewhere, the term is Hot Linking and this is what the technique will usually prevent.