Problem Solved!
Not exactly. What if you have a web page you can log into. Now the cookie in the header will be different every time you log in. If you try and do the same trick with the cookie field as you do with the referrer field, you cannot actually log in. I obviously need to think about this some more, and become one with the HTTP 1.1 specification.
Any recommendations are welcome.