I think this question has been already answered, but as a general tip, youd better use other mechanisms rather than rely on HTTP_REFERER for identifying or validating the source of anything, as it can be overwritten easily with tools like curl or something else.

HTTP headers are ok for statistical info, such as where people comes from to our site through what links, but are a little bit risky if you base part of your security or integrity on them.