Anthony Baratta wrote: >Do you know how easy it is to spoof HTTP Headers??? There are perl and >other scripts >as well as custom browsers (hell grab a copy of Mozilla source and build >your own) >out there that allow you to hack the HTTP headers. Yea, true. But what good it would be to someone? Sending you more money? :-) We're talking about passing a payment information here. The only security issue is the CC info and that would be true idiocy to pass it as hidden fields, otherwise, knowing someone's processing gateway ID does not provide any advantage to a hacker.