javascript referrer http-referer spoofing

How reliable is document.referrer, can it be spoofed/faked?


How reliable is document.referrer in determining the source?

I want a website (A) to only work if the visitor came from a specific other website (B).

I am planning to use document.referrer in website A to check whether website B is the source (check is done server-side).

Is it a safe and reliable way? If not, what are my alternatives?

I have looked at this, but the use case is the exact opposite of mine.


Solution

  • This plan will not provide any degree of security. document.referrer does not exist "on the server side." It only exists as you're talking about in the browser.

    What you get on the server is the HTTP referrer, and that is trivial to spoof.
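
The point made in the answer above, as an added Node.js example that is not part of the original answer: a server-side gate on the `Referer` header accepts whatever value the client chose to send, while a token that site B's server signs can be verified by site A. The host name `site-b.example`, the key, and the token scheme itself are assumptions made for illustration.

```javascript
// Added example (not from the original answer). Host name and key are constructed.
const crypto = require('node:crypto');

const ALLOWED_ORIGIN = 'https://site-b.example'; // hypothetical site B

// Weak gate: the Referer header arrives inside the request, so whoever
// builds the request chooses its value. A browser coming from B and any
// other HTTP client sending the same header look identical here.
function refererGate(headers) {
  try {
    return new URL(headers.referer || '').origin === ALLOWED_ORIGIN;
  } catch {
    return false; // missing or unparsable header
  }
}

// Alternative (assumption): B's server signs an expiry time with a key it
// shares with A and appends the token to the link that leads to A.
function issueToken(key, now = Date.now(), ttlMs = 60_000) {
  const exp = String(now + ttlMs);
  const mac = crypto.createHmac('sha256', key).update(exp).digest('hex');
  return `${exp}.${mac}`;
}

// A's server recomputes the MAC; a client without the key cannot forge it.
function verifyToken(key, token, now = Date.now()) {
  const [exp, mac] = String(token).split('.');
  if (!/^\d+$/.test(exp || '') || !/^[0-9a-f]{64}$/.test(mac || '')) return false;
  const expected = crypto.createHmac('sha256', key).update(exp).digest();
  const given = Buffer.from(mac, 'hex'); // 32 bytes, same length as expected
  return crypto.timingSafeEqual(given, expected) && Number(exp) > now;
}

const KEY = Buffer.from('constructed-demo-key-not-a-real-secret');
const clientChosen = { referer: 'https://site-b.example/page' }; // value set by the client
console.log('referer gate, client-chosen header:', refererGate(clientChosen));
const token = issueToken(KEY, 1_000);
console.log('token, untouched:', verifyToken(KEY, token, 2_000));
console.log('token, expiry altered:', verifyToken(KEY, '9' + token, 2_000));
console.log('token, expired:', verifyToken(KEY, token, 61_000));
```

A token like this can be replayed until it expires; binding it to a session or making it single-use is outside what this example covers.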