diff --git a/lbrynet/lbrynet_daemon/LBRYDaemon.py b/lbrynet/lbrynet_daemon/LBRYDaemon.py
index e23a9aa85..a3cf04446 100644
--- a/lbrynet/lbrynet_daemon/LBRYDaemon.py
+++ b/lbrynet/lbrynet_daemon/LBRYDaemon.py
@@ -402,10 +402,16 @@ class LBRYDaemon(jsonrpc.JSONRPC):
 
     def render(self, request):
         origin = request.getHeader("Origin")
+        referer = request.getHeader("Referer")
+
         if origin not in [None, 'http://localhost:5279']:
             log.warning("Attempted api call from %s", origin)
             return server.failure
 
+        if referer not in [None, 'http://localhost:5279/']:
+            log.warning("Attempted api call from %s", referer)
+            return server.failure
+
         request.content.seek(0, 0)
         # Unmarshal the JSON-RPC data.
         content = request.content.read()