Http headers in Django

In the django docs:

HttpRequest objects

Attributes

All attributes should be considered read-only, unless stated otherwise.


would it be safe to use the value of HTTP_REFERER in a view variable to get the previous page a user visited or can this be spoofed client-side?

This can be spoofed or blanked by the client. See HTTP referer - Wikipedia

You can never trust any data coming from the client. You must always assume that anything coming from the browser could be spoofed or altered.