Since this is a computer security attack, I would think that it would be ethical to address a solution to this attack.
- Perhaps not, but there are still some things that can be done. For example, I disallow GET and HEAD requests where the request and referrer fields are the same - which logically should never happen as pages that refer to themselves do not cause browsers to (re-)fetch them upon clicking on such links. However, certain malicious spiders do present such bogus requests. I also check for off-server hotlinking. 18.104.22.168 (talk) 02:55, 5 October 2011 (UTC)
Someone needs to check those links.
- I'm uneasy about this; Wikipedia shouldn't be seen as abetting fraud. Rhinoracer 15:03, 28 September 2007 (UTC)
Cross-site request forgery
Currently this page is concerned with clients who intentionally spoof their own referrer. It should also discuss how and when an attacker performing cross-site request forgery can cause the victim to misrepresent their referrer (in order to circumvent referrer-based CSRF countermeasures), and how users can ensure that this isn't possible. —Saric (Talk) 16:04, 13 January 2012 (UTC)