One for the archives... <tip author="Anthony Baratta" type="Bogus HTTP Headers"> We use a shopping cart COM object (IIS Cart) that has an option to check the referrer in order to help against hacking the shopping cart forms. While it doesn't beat good coding practices, it's a nice hurdle to implement. We've found that if users are have Norton Personal Firewall installed, the HTTP_REFERER is stripped by the firewall software and replaced with HTTP_WEFERER. The value of HTTP_WEFERER is also an encrypted string. e.g HTTP_WEFERER=HYUCDDJBLVLMHAALPTCXLYRW Searching google yielded limited results - only guesses as to what it might be. I was finally able to get a user complaining about accessing our eStore to test an example form for me. We were able verify that Norton Personal Firewall was munging the HTTP headers. Strangely, Norton's support website does not contain any reference to HTTP_WEFERER, but I was able to find that this software does block http referrers by default. How to pass referrer information to specific Web pages in NIS and NPF 2002 and earlier http://service1.symantec.com/SUPPORT/nip.nsf/cfcd5649881a90978525693700527436/7ad5cc720a93528788256913007c3012?OpenDocument&prod=&ver=&src=sg&pcode=&svy=&csm=no How to pass referrer information to specific Web pages in NIS and NPF 2003 http://service1.symantec.com/SUPPORT/nip.nsf/docid/2002110811290836?Open&src=sg&docid=2000070515373136&nsf=nip.nsf&view=cfcd5649881a90978525693700527436&dtype=&prod=&ver=&osv=&osv_lvl= </tip> --- Anthony Baratta President Keyboard Jockeys "Conformity is the refuge of the unimaginative."