>The thing I'm not sure about is whether any requests made from an >iframe (i.e. images) takes the iframe's URL as a referer or if it >inherits the parent page's (in the latter case we'd have a CSRF >problem). Well put. Thank you. _______________________________________________ Brian Layman www.TheCodeCave.com