Ten Security Checks for PHP, Part 1
Subject:   Register Globals on
Date:   2007-03-01 14:10:51
From:   ClancyMalcolm
Response to: Register Globals on

The value of $_SERVER['HTTP_REFERER'] comes from the Referer header in the HTTP request constructed by the client software. If the client is a regular browser, the referer will probably be set correctly, but the referer request header could be forged by a malicious user.
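
An added example, not part of the comment above or of the article: assuming the Referer is being used to decide whether a form post came from the site's own page, this PHP code contrasts that check with a token bound to the server-side session. The function names, the host `shop.example` and the request arrays are constructed for illustration.

```php
<?php
// Added example; names, host and sample values are constructed for illustration.

// Weak check: trusts a request header whose value is written by the client.
function referer_says_same_site(array $server, string $host): bool
{
    $ref = $server['HTTP_REFERER'] ?? '';
    return parse_url($ref, PHP_URL_HOST) === $host;
}

// Stronger check: a random token stored in session state and embedded in the form.
function issue_form_token(array &$session): string
{
    $session['form_token'] = bin2hex(random_bytes(32));
    return $session['form_token'];
}

function token_is_valid(array $session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    // Reject missing or non-string input, then compare in constant time.
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

// Constructed requests: plain arrays stand in for $_SERVER, $_SESSION and $_POST.
$session = [];
$token   = issue_form_token($session);

$browser = ['HTTP_REFERER' => 'https://shop.example/form.php']; // set by a regular browser
$forged  = ['HTTP_REFERER' => 'https://shop.example/form.php']; // same string, written by a custom client
$missing = [];                                                  // header omitted by a proxy or privacy setting

// The server sees identical input for $browser and $forged, so the check cannot tell them apart.
var_dump(referer_says_same_site($browser, 'shop.example'));
var_dump(referer_says_same_site($forged, 'shop.example'));
var_dump(referer_says_same_site($missing, 'shop.example'));

// The token check depends on a value only the session holder was given.
var_dump(token_is_valid($session, ['form_token' => $token]));
var_dump(token_is_valid($session, ['form_token' => 'guess']));
var_dump(token_is_valid($session, []));
```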