Referer (sic) headers contain the address of a request, e.g., the address of the previous web page from which a link to the currently requested page was followed, or the address of a page loading an image or other resource. While there are many legitimate uses - including analytics, logging, or optimized caching - there are also problematic uses such as tracking, stealing, or inadvertently leaking sensitive information. The pfSense Plus software GUI checks the referring URL sent by a client browser to ensure that the form was submitted from this firewall. This check prevents a form on another site from submitting a request to the firewall, and changing an option when the administrator did not intend for that to happen.
More information can be found in our documentation here.