http://qs1969.pair.com?node_id=580241


in reply to SF_form_secure

I get nervous when I see HTTP_REFER and (unqualified) security mentioned together.

Leaving aside the fact that the Referer header is trivially spoofed in a client, many "personal firewalls", proxies and other internet security software will remove or otherwise anonymise the the Referer header: the HTTP Specification makes the suggestion that it might be removed.

Beyond that it's not exactly clear how this might be used.

/J\