Determining Referer in PHP

The REFERER is sent by the client’s browser as part of the HTTP protocol, and is therefore unreliable. It might not be there, or it might be forged; you just can’t trust it for security purposes. If you want to verify that a request is coming from your site, well, you can’t, but …

How reliable is HTTP_REFERER?

Using HTTP_REFERER isn’t reliable. Its value depends on the HTTP Referer header sent by the browser or client application to the server, and it can’t be trusted because it can be manipulated. Regarding the Referer header, section 15.1.2 of RFC 2616 states: Therefore, applications SHOULD supply as much control over this information as possible to …