use strict;
use warnings;

# Just the domain name, no "www."
my $AuthorizedDomain = lc 'example.com';
my $FormDomain       = lc $ENV{'HTTP_REFERER'};
$FormDomain =~ s{
                    \A
                    https?://    # Strip off the protocol
                    (?:www\.)?   # Strip off any "www."
                    (.*?)        # Grab everything before...
                    /            # The first slash
                    .*           # And delete the rest
                    \Z
                }
                {
                    $1
                }msx;

if ($FormDomain ne $AuthorizedDomain) {
    ErrorHTML('Unauthorized access.');
}