I have a form using the GET method.
I was wondering if I could protect myself (and my form) from remote form submissions by using a HTTP_REFERER check.
I don't see a way of spoofing the HTTP_REFERER if my form uses the GET method.
Now, if I were to use POST as my method, then spoofing the HTTP_REFERER is as easy as adding a REFERER value to the HTTP headers of my form results page.
But with GET, am I safe to use an HTTP_REFERER check on my form's results page, to ensure that the form's submission is only initiated on MY server? So that someone can;t mimic my form's submission on another server? Would this work? Is there a way a hacker might beat this?