# Just the domain name, no "www"
MY $AuthorizedDomain = 'example.com';
MY $FormDomain = LC $ENV{HTTP_REFERER};
$FormDomain =~ S!^https?://(?:www\.)?(.*?)(?:/.*)$!$1!;
UNLESS($FormDomain eq LC $AuthorizedDomain)
{ ErrorHTML('Unauthorized access.'); }