Referrer Checking

When enabled, this behavior strictly allows requests only from the allowed list of domains that you specify.

Features and options

Field

What it does

Enable

When On, only requests with a matching Referer header are allowed.

When Off, all requests are allowed.

Strict Referrer Checking

When Strict Referrer Checking is enabled, requests whose Referer cannot be used to determine a hostname (i.e., relative path Referer such as /mypath/index.html) and requests without a Referer header are denied.

When disabled, only Referer headers that contain a hostname that doesn't match the list of allowed domains are denied.

Domain

Specifies the set of allowed domains. You can create an allowed domain list as a space separated list of domains. For example,

example1.com example2.com example3.com

With Include Child Domains disabled, prefixing values with *. specifies domains for which subdomains are allowed (e.g., *.example1.com).

Include Child Domains

When enabled, allows all subdomains for the domains set, just like adding a *. prefix to each.


Did this page help you?