Apr 03, 2014

Apr 03, 2014 HttpWebRequest.Referer Property (System.Net) | Microsoft Docs public string Referer { get; set; } member this.Referer : string with get, set Public Property Referer As String Property Value String. The value of the Referer HTTP header. The default value is null. Examples. The following code example sets the Referer property. // Create a 'HttpWebRequest' object. Cross-Site Request Forgery Prevention - OWASP If the Origin header is present, verify that its value matches the target origin. Unlike the Referer, the Origin header will be present in HTTP requests that originate from an HTTPS URL. Checking the Referer Header¶ If the Origin header is not present, verify the hostname in the Referer header … HTTP Security Headers and How They Work: Whitepaper

Referer is a header sent and controlled by the client. You cannot trust any data coming unchecked from the client. As others pointed out, it can be easily manipulated.

Tighter Control Over Your Referrers - Mozilla Security Blog Jan 21, 2015 How to Implement Security HTTP Headers to Prevent

Jul 17, 2015

Cross-Site Request Forgery Prevention - OWASP