in reply to SF_form_secure
I get nervous when I see HTTP_REFER and (unqualified) security mentioned together.
Leaving aside the fact that the Referer header is trivially spoofed in a client, many "personal firewalls", proxies and other internet security software will remove or otherwise anonymise the the Referer header: the HTTP Specification makes the suggestion that it might be removed.
Beyond that it's not exactly clear how this might be used.
|Replies are listed 'Best First'.|
|A reply falls below the community's threshold of quality. You may see it by logging in.|