referrals Referral program

[vhorfurz 1]

Dear AirVPN administrators,

Contrary to what is written on the page https://airvpn.org/faq/referrals/, I would like to point out that as of 11/14/2025 in Firefox and Chromium, no “referred_by” cookie is created on a request to https://airvpn.org/?referred_by=123456

Is this a bug on the website?

Or has the referral program ended? If so, could you clarify the situation by removing the obsolete pages https://airvpn.org/referrals/ and https://airvpn.org/faq/referrals/?

Thank you in advance for fixing this.

[Tech Jedi Alex 1502]

Cannot reproduce. Browsing to https://airvpn.org/?referred_by=89714 in a session with airvpn.org cookies cleared correctly creates a cookie with my account ID as value. Though the name appears to be _Host-referred_by now.

[Staff 10348]

15 hours ago, vhorfurz said:

could you clarify the situation

Hello!

The referral program is active and working as usual. We could not reproduce the problem you mentioned and we leave further investigation to the support team, if you wish to open a ticket, thank you.

Kind regards
 

[vhorfurz 1]

Thank you for your feedback.

I just ran some new tests by scanning the header returned by nginx.

Yes, that's right, I did find a __Host-referred_by cookie.

 

And you're right: the request

curl -I https://airvpn.org/?referred_by=89714

displays a cookie named __Host-referred_by that is correctly initialized to 89714.

 

In my Chromium browser, the header returned by nginx shows a __Host-referred_by cookie that is also correctly initialized to 89714.

 

But in my Firefox-ESR browser, the web page is immediately redirected to the home page https://airvpn.org/ and the cookie is reset, as shown by the header returned by nginx:

HTTP/2 200 
server: nginx
date: Sun, 16 Nov 2025 03:48:22 GMT
content-type: text/html;charset=UTF-8
content-length: 12647
content-security-policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com; connect-src 'self' *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com; style-src 'self' 'unsafe-inline'; media-src 'self' data:; font-src 'self'; manifest-src 'self'; img-src 'self' data: ugc.airvpn.org ugc.airvpn.org stats.airvpn.org *.paypal.com *.paypalobjects.com *.amazon.com *.payments-amazon.com *.media-amazon.com; frame-src 'self' *.paypal.com *.paypalobjects.com; frame-ancestors 'self'; form-action 'self' *.amazon.com *.payments-amazon.com *.media-amazon.com *.amazon.de; base-uri 'self'; report-uri /security/report/csp/;
set-cookie: PHPSESSID=9sv1fe2i6tvrm0v57shq2dviqt; path=/; secure; HttpOnly
set-cookie: ips4_guestTime=1763264902; path=/; secure; HttpOnly
set-cookie: __Host-referred_by=0; expires=Tue, 16-Dec-2025 03:48:22 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=Strict
x-ips-loggedin: 0
content-encoding: gzip
vary: cookie, Accept-Encoding
x-ips-cached-response: Sun, 16 Nov 2025 03:47:55 GMT
last-modified: Sun, 16 Nov 2025 03:47:55 GMT
expires: Sun, 16 Nov 2025 03:48:52 GMT
pragma: public
x-air-bk: 2
onion-location: https://airvpn.org/
feature-policy: autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; microphone 'none'; magnetometer 'none'; midi 'none'; payment 'none'; sync-xhr 'self';
cache-control: max-age=0, no-cache, no-store, must-revalidate
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubdomains; preload
X-Firefox-Spdy: h2

So I created a new Firefox profile called Out-of-box-tester, then restarted Firefox-ESR on this blank profile, but in the same environment as my usual profile:
firejail firefox-esr -P Out-of-box-tester

The web page is not redirected to the home page and the cookie is initialized correctly:

set-cookie: __Host-referred_by=89714; expires=Tue, 16-Dec-2025 04:31:41 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=Strict

Then I installed three basic extensions (uBlock Origin, Privacy Badger, Forget Me Not), manually deleted all history, closed and restarted Firefox-ESR on the same profile.

The web page is not redirected to the home page and the cookie is initialized correctly:

set-cookie: __Host-referred_by=89714; expires=Tue, 16-Dec-2025 04:44:21 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=Strict

 

I conclude that the problem stems from the special configuration of my usual Firefox profile, which forces redirection to the home page, preventing the cookie from initializing correctly. Among the extensions I use is “Neat URL,” which does not seem to be the cause. But I use many other extensions, such as “Privacy Settings,” which makes investigation more difficult.

 

Sorry for the somewhat dramatic title of my post. Since I can't add “[Solved]” to the title, I'm adding the tag “solved”.

Thank you for taking the time to respond. If I had immediately used the curl -I command in a terminal instead of trying to compare in the Chromium interface, I probably would have quickly spotted the __Host-referred_by cookie and wouldn't have bothered you.

 

I think what's important is that the recommendation program is 100% compatible with basic extensions such as uBlock Origin and Privacy Badger (as well as Forget Me Not when the subscription is made immediately after clicking on the recommendation link).