I'm building an application that will interface with the hosted payment page module and want to ensure everything is well secured.
I want to enable the referrer URL validation to ensure only verification calls from my application will get accepted.
I tried setting the origin from many items in the request's header with absolutely no result.
Can someone explain how the Referrer URL is validated? What is checked and what should be sent from the application? The test link always returns a blank URL no matter what headers I send, be it from the staging environment that is publicly accessible or the local dev environment.