且构网 - sharing what programmers run into in development

Checking the referrer URL in PHP

Updated: 2023-11-27 19:07:46

Yes, but keep in mind some proxies and other things strip this information out, and it can be easily forged. So never rely on it. For example, don't think your web app is secure from CSRF because you check the referrer to match your own server.

$referringSite = $_SERVER['HTTP_REFERER'] ?? ''; // is that spelt wrong in PHP ? (no: the HTTP header itself is spelt "Referer", and the key may be absent entirely, so default to an empty string)

If you want to allow requests only from a specific domain, you'll need to parse some of the URL to get the top-level domain. As I've learned more, this can be done with PHP's parse_url().

As andyk points out in the comments, you will also have to allow for www.example.com and example.com.
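The host comparison the answer describes, written out as an added example (this is not code from the original answer or its commenter). It uses parse_url() to pull the host out of the Referer value, treats example.com and www.example.com as the same site, and compares whole host names rather than substrings, which is what lets it reject look-alikes such as example.com.evil.test. The own-host value and the sample header values are constructed for the demonstration.

```php
<?php
// Added example, not part of the original answer: decide whether a Referer
// header points at our own site. $ownHost is an assumed configuration value;
// in a real app it would come from your config, and $referer from
// $_SERVER['HTTP_REFERER'] ?? null.
declare(strict_types=1);

function refererHost(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null; // header absent: proxies, privacy settings and HTTPS->HTTP downgrades strip it
    }
    $parts = parse_url($referer);
    if ($parts === false || empty($parts['host'])) {
        return null; // unparseable or relative value: treat it as absent
    }
    // Host names are case-insensitive; drop a trailing dot from FQDN form.
    return rtrim(strtolower($parts['host']), '.');
}

function isOwnReferer(?string $referer, string $ownHost): bool
{
    $host = refererHost($referer);
    if ($host === null) {
        return false;
    }
    $own = rtrim(strtolower($ownHost), '.');
    // Accept both the bare domain and its www. alias (andyk's point).
    $strip = static fn(string $h): string => (string) preg_replace('/^www\./', '', $h);
    // Exact comparison of the whole host: no strpos()/substring matching.
    return $strip($host) === $strip($own);
}

// Constructed sample Referer values; "example.com" is the assumed own host.
$own = 'example.com';
$samples = [
    'https://example.com/page'                 => true,
    'https://www.example.com/page'             => true,
    'https://EXAMPLE.COM:8443/x'               => true,  // case and port do not matter
    'https://example.com.evil.test/'           => false, // a strpos('example.com') check would pass this
    'https://example.com@evil.test/'           => false, // userinfo trick; parse_url() returns evil.test as host
    'https://evil.test/?u=https://example.com' => false, // own host only in the query string
    ''                                         => false, // stripped by a proxy or browser
    'not a url'                                => false,
];
foreach ($samples as $referer => $expected) {
    $result = isOwnReferer($referer, $own);
    printf("%-45s %s\n", $referer === '' ? '(missing)' : $referer,
        $result === $expected ? 'ok' : 'MISMATCH');
}
```

Even with the parsing done carefully, the answer's caveat stands: the value is attacker-controlled and frequently missing, so a false result is a weak signal at best and a true result proves nothing. Use it for logging or as one of several heuristics, and rely on a per-session CSRF token for state-changing requests.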