Why does Referrer Security matter?

Bots often access API endpoints or form actions directly, bypassing the natural navigation flow of a website. Real users, however, usually "come from" somewhere.

1. Ghost Forms

Real humans cannot submit a login form without first visiting the login page. Therefore, a POST request with an empty Referer header is almost certainly a bot.

Rule: IF Method=POST AND Referer=Empty THEN Block

2. Protocol Mismatch

Lazy scrapers often hardcode the referrer header as http://yoursite.com even if your site is running on https://. This discrepancy is a strong indicator of automated traffic.

3. Referrer Spam

AuraGuardian maintains a blacklist of domains known for "Referrer Spam" (e.g., semalt.com). These bots visit your site solely to leave a fake URL in your analytics logs. We block them at the door.