The plugin currently uses the referrer for checking against the whitelist, but this is not useful for making direct requests to Jenkins (e.g., from a script) when there would be no 'Referer' header.