I spent a while looking around for something that would help me tighten up some pages that did not need reached unless they came from another page that I had authorized.
In this example we check first that there is a referring URL and if there is not then go to my error page. The next part two checks look to ensure that the referring page is not the two pages we are okay with the referring URL to be. If the referring URL is not either of those then we know the previous page is not what we want either and we refer to an error page.
<% referer=request.servervariables("http_referer") if (referer = "") then Response.Redirect "error.asp" elseif (referer <> "<a href="https://www.google.com">https://www.google.com</a>") then elseif (referer <> "<a href="https://www.yahoo.com">https://www.yahoo.com</a>") then else Response.Redirect "error.asp" end if %>