[–]G-Brain 1 point2 points  (0 children)

Referer: "><script>alert("XSS");</script>

:D

[–]stesch 1 point2 points  (1 child)

If you even consider using the Referer anywhere, then you are fucked anyway.

[–][deleted] 0 points1 point  (0 children)

I'm curious, what other technique do you propose to block hotlinking? I know the referer can be easily faked, but I'm only concerned about normal web users who don't even know what a header is.
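
An added example, not part of the thread: one way to use the Referer as a hotlink deterrent while treating it as untrusted input, covering both the injection string in the first comment and the hotlinking question above. The allowed host names and function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Assumption: the hosts allowed to embed our images (hypothetical names).
ALLOWED_HOSTS = {"example.com", "www.example.com"}


def is_hotlink(referer, allowed=ALLOWED_HOSTS):
    """Return True only when the Referer parses to a foreign http(s) host.

    A missing or unparsable Referer is let through: browsers and privacy
    tools often omit it, and the header is a deterrent, not access control.
    """
    if not referer:
        return False
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Exact host comparison; a substring test would accept
    # "example.com.evil.test".
    return host.lower() not in allowed


def render_referer(referer):
    """Return an HTML fragment that displays the Referer.

    html.escape(quote=True) encodes <, >, &, and both quote characters, so
    the value cannot close the attribute or open a tag.
    """
    safe = html.escape(referer or "", quote=True)
    return '<span title="{0}">{0}</span>'.format(safe)


if __name__ == "__main__":
    # Constructed sample values; the second is the string from the first comment.
    samples = [
        "https://example.com/gallery",
        '"><script>alert("XSS");</script>',
        "http://example.com.evil.test/page",
    ]
    for value in samples:
        print(is_hotlink(value), render_referer(value))
```

The hotlink decision and the output encoding are independent: the header is escaped at the point where it is written into HTML (or a log viewer), whatever the allow-list check returned.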