The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.