Flash has surprisingly little flexibility with determining what
headers are sent to the server when you request files. It does what it
does and if you don’t like it, tough. That’s the conclusion I came to
in researching to design a couple flash applications, as well as to
lock down video files for a project I was working on.
Sometimes this is for security purposes. You aren’t supposed to be
able to request files from a different domain than the SWF was sourced
from (unless a crossdomain.xml file on that domain specifically allows
it). I’ve noticed that although this is supposed to be a hard and fast
rule, some video players are able to source their video files (.flv)
from sites other than where the SWF was sourced, even if
crossdomain.xml doesn’t allow it. This is probably a bug or the result
of some arcane Flash behaviour, rather than something the designer of
the SWF can decide upon.
Either way, you need to be prepared, in flash, for the likelihood that
it will either send the proper referrers, or no referrers whatsoever,
and you really have no control over which will be the case.