REFERER由客户端的浏览器作为HTTP协议的一部分发送，因此确实不可靠.它可能不存在，可能是伪造的，如果出于安全原因，您就是无法信任它.

The REFERER is sent by the client's browser as part of the HTTP protocol, and is therefore unreliable indeed. It might not be there, it might be forged, you just can't trust it if it's for security reasons.

如果您想验证请求是否来自您的站点，那么您不能这样做，但是您可以验证用户是否已访问您的站点和/或已通过身份验证. Cookie是在AJAX请求中发送的，因此您可以依靠它.

If you want to verify if a request is coming from your site, well you can't, but you can verify the user has been to your site and/or is authenticated. Cookies are sent in AJAX requests so you can rely on that.