我不建议使用HTTP_REFERER:

1. 在浏览器中操作非常简单.

1. It's fairly simple to manipulable in browser.

某些用户可能在其浏览器中进行了安全设置，以致根本不发送此标头.

Some users might have security settings in their browser to not send this header at all.

无法通过HTTPS访问.

某些代理从请求中删除了此标头

Some proxies strip this header from the request

已添加-请参见此问题的答案

如Charlotte Dunois在评论中所述，***在发送表单之前设置会话值，然后在第2页上进行检查.

As Charlotte Dunois stated in the comment, better set session value before sending the form and then check it on page2.

page1.php:

$_SESSION[ 'display_page2' ] = TRUE;
//rest of the content

page2.php:

if ( (isset( $_SESSION[ 'display_page2' ] ) && $_SESSION[ 'display_page2' ] === TRUE ) || isset( $_POST[ 'some_form_input' ] ) ) {
  //keep displaying page2.php
} else {
  header('Location:page1.php');
  exit;
}

使用isset( $_POST[ 'some_form_input' ] )，您可以检查表单是否已发送(通过POST方法).

With isset( $_POST[ 'some_form_input' ] ), you can check whether the form has been sent (via POST method).

在需要时，可以使用unset( $_SESSION[ 'display_page2' ] );或将其设置为其他值来取消设置会话.

When needed, you can unset the session with unset( $_SESSION[ 'display_page2' ] ); or by setting it to different value.