HTTP_REFERER should work fine. If it's set to an incorrect value, that just means the person viewing your page is trying to spoof, and who cares if their links get messed up? Heck, I'd consider that a bonus. Of course, if you go forward enough and then back, the pages before may not be cached, and when they get regenerated, the HTTP_REFERER may no longer be there. One possible solution to this might be to use HTTP_REFERER if it's set, but otherwise make the link be Javascript, which should take care of almost all remaining situations. Session recordings can be used as well, but these have serious problems of their own if people open multiple windows or decide to refresh a page earlier in the chain. I'd personally go with the combination of HTTP_REFERER and Javascript.