If checked, then requests with no HTTP Referer header will be allowed. By default these are rejected, but it is handy to allow them for example to make it easy to test a request directly with a browser or a tool like curl.