.oO(Fox)

>Make sure the $HTTP_REFERER is from an "allowed" domain...

* It should be $_SERVER['HTTP_REFERER'].

* The referrer is unreliable. It's not always available and additionally
easy to fake. Relying on it for security issues is _really_ stupid.

Micha