In general, this is the correct and most performant way to do this.
You do need to verify context.Request.UrlReferrer
is not null before accessing the Host
property.
While watermarking is a 'non-violent' method that can work in a whitelist approach like this, in general a blacklist-based approach to target particular offenders is less problematic.