Referrer Checking

When enabled, this behavior strictly allows requests only from the allowed list of domains that you specify.

Features and options

FieldWhat it does
EnableWhen On, only requests with a matching Referer header are allowed.

When Off, all requests are allowed.
Strict Referrer CheckingWhen Strict Referrer Checking is enabled, requests whose Referer cannot be used to determine a hostname (i.e., relative path Referer such as /mypath/index.html) and requests without a Referer header are denied.

When disabled, only Referer headers that contain a hostname that doesn't match the list of allowed domains are denied.
DomainSpecifies the set of allowed domains. You can create an allowed domain list as a space separated list of domains. For example,

With Include Child Domains disabled, prefixing values with *. specifies domains for which subdomains are allowed (e.g., *
Include Child DomainsWhen enabled, allows all subdomains for the domains set, just like adding a *. prefix to each.