Hi, I want to allow only a handful of refering sites to access parts of my application. I understand that in rails I can use request.referer which does identify the refering site correctly however is it possible for the less desirable to "spoof" this in order to access the app. If so is there any other way of protecting the app. Thanks in advance. Steve