Referer
is probably not a good choice, since I assume that the client will know the server URI in advance (hardcoded or from the configuration), and the standard says :
"The Referer field SHOULD NOT be sent if the Request-URI was received from a source that does not have its own URI"
I think that Authorization
with a custom schema (see also RFC 2617 ), or a custom header such as X-Client-Id
, would be a smart choice.
source share