[wp-hackers] Enable Sending Referrers

[Firas D.]

If I understand correctly (and I may well not), it's to protect you from 
doing something that, as a verified user you're authenticated to do but 
may not want to (eg clicking random links that do evil things in 
wp-admin). It's an extra step, not a substitute one.

Firas

Denis de Bernardy wrote:

>I'd be curious to know the rational behind this defense mechanism. Like,
>isn't it trivial to fake the referrer?
>
>D.
>