Rated 5 out of 5 stars
Great add-on! I'll tell you why; it is simple and "just works"! With the recently added white-list support (which i only have needed for disqus thus far) it is close to perfect for its purpose. One thing though, i wish the strict mode would be disabled per default because many bigger sites use content-servers on a sub-domain and if they require referrer then there will be problems. This way ppl trying it out won't just discard it right away because they run into problems with the default options. Also it would be nice with a link to a test page (test by subdomain, domain, and so on) that reports back what referrer it got, so you can see if it works or not, then you could check if you break it by typing in invalid white-list regular expressions and such..Thanks for a great add-on!
Late update/reply to meh (Aug 1, 2013): I read the description of self-referrer -it seems to be appropriate as the default mode, which it is now. Regarding the test-page: I think the new, easier, white-list feature you now have available (wildcards, not reg-exp) is sufficient to weed out most errors. The rest should be test-able by checking the pages in the white-list (example: Disqus). Also I realized anyone can make their own test-page by posting a link to an HTTP header check page like http://xhaus.com/headers in some random forum, then just click the link to see the results! :)
You know what? I agree with disabling strict mode by default.
Do you think it would be worth to set as default "self" mode too? It uses as referer the URL you're going to.
About the test page, I can provide a simple .php to put up locally, to test it I usually fill the /etc/hosts with the fake domains I want to test on and change the set of links on the .php page.
Putting it online would be harder because it would require a local DNS server to do the required magic and I don't have the resources to get a VPS for it.
Something I could do about it is a simple JS page on my website where you can test your whitelists against a set of domains.