Forum Discussion
Kevin_Stewart
Aug 19, 2013Employee
I would just add to Aaron's addition that, generally speaking, blocking access based on a Referer header is trivially surmountable. Aside from browsers not passing the Referer header going from HTTPS to HTTP, it's VERY easy to spoof the header.