[still_grokking]

Modern browsers suppress the referrer. Relying on it for functionality is not a good idea.

[Meph504]

Fair point, you can accomplish the same by comparing the ip adress that the image request came from against your servers.

[ichicoro]

Wouldn't that just mean comparing the user's public address? It is the browser that is trying to download the image from your servers.

[Meph504]

The shortest route yes, but I'd rather whitelist check, because depending on your infra, there might be a lot more things that make request for the content.

But the concept is the same, server side check the ip of the request, and take action based on that check.