Send a CSRF attack with a specific header referrer?
Referer
is considered a special header (like `Host´) and can not be set inside the browser. So the most you can do with some tricks is to make it empty, but not to point to some other site.
Of course you could use some other tools to make crafted requests with your own Referer
header. But in this case you (as attacker) don't have access to the cookies relevant for the target site so it would not work as an CSRF attack either.
please refer to the "Standard header checks" section on this page :
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet
In my knowledge, referrer headers cannot be changed if there is no xss flaw. Ajax requests are also not allowed to change the referrer header as told by someone in comments on this thread:
exploiting CSRF in ajax request via XSS flaw