In IE and Chrome, if your swf object requests a url (mp3 file for example) it will also pass the HTTP_REFERER in the request. The HTTP_REFERER will be the url of the swf object.

This does not happen in Firefox. The HTTP_REQUEST is always empty.

Is this some option in the swf code, bug in flash or limitation of the browser? And is there a way to overcome this?

Thanks in advance.

Same problem here, After some research it appears to be a 3 years old bug from mozilla as stated before by @Amalgovinus.

We found a solution for this perform a POST request instead of a GET request inside the flash. You must also pass a faked data as flash will automaticly change your POST request to a GET if there's no datas to send along the request here's a flash code sample to make this work:

var url = "http://exemple.com/myNotHotlinkedSong.mp3";
var myRequest:URLRequest = new URLRequest (url);
myRequest.method = URLRequestMethod.POST;
// add some data to the request to force the use of POST inside flashPlayer
myRequest.data = "fake=fake";

We're now happy to be able to use our .htaccess to avoid hotlinking even in FF, hope others will find this helpfull.