As a general trend, we see more and more hits which http headers contain no or an empty REFERER (up to 50%). Obviously, some browsers or third party software (anti spyware ? anti ads ?) are blocking them, even when navigating within the same site. How does your hotlink protection cope with these : allow or forbid ?