All known Referer spoofing vulnerabilities are long-fixed, and there are far worse old browser holes that could be exploited.
However, it's still fragile since lots of people block the header. CSRF tokens should be added.
All known Referer spoofing vulnerabilities are long-fixed, and there are far worse old browser holes that could be exploited.
However, it's still fragile since lots of people block the header. CSRF tokens should be added.