I'm assuming the answer is "no" but I haven't been able to find confirmation.
If it varies based on language, I'm interested in both the HTTP headers (e.g. PHPs $_SERVER['HTTP_REFERER']
) and JS's document.referrer
, though I assume they come from the exact same place and will be identical.
If I want to test that something has come specifically from google.com
, is it safe to do a regex match with /\.google\.com\/?$/
, or might something come after .com/
?
I know that HTTP headers can be easily spoofed, but I might as well make this as accurate/airtight as possible for those who aren't doing anything underhanded.