It is recommended to check and see whether an incoming HTTP request header referrer domain is indeed yours. When you do so, you can guard against any requests that are coming from potentially compromised sources from outside of your domain.

This prevention method is not foolproof, though. If a user has Adobe Flash installed, hackers could actually take advantage and spoof the header. Some users may also actually decide not to send referrer headers as a deliberate choice for their privacy.