Web Security - HTTP-Location = HTTP-Referrer, if an external domain? What for?

What is the meaning of this?

I need a reason why it is a good idea to send a person back to where they came from if the referrer is outside the domain. I want to know why several sites out there insist that this is good practice. It is easily accessible, easy to get around for anyone who enters the system with malicious intent, and just stares me in the face as a useless measure of "security." I do not like holding biased opinions about things without another input, so explain it to me.

Request headers are only as credible as your client; why did you use them as a means of verification?

+3

, - . - CSRF. , , , . , .

, , - TamperData. , HTTP- , https:// http://.

+2

Source: https://habr.com/ru/post/1758953/