diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index ada51b38bf5..f448e343abc 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -107,13 +107,6 @@ function analyse_sql_injection(&$var)
analyse_sql_injection($_GET);
analyse_sql_injection($_POST);
-// Security: CSRF protection
-if (! defined('NOCSRFCHECK') && ! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
-{
- unset($_GET);
- unset($_POST);
-}
-
// This is to make Dolibarr working with Plesk
set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
@@ -121,6 +114,15 @@ set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
// This include will set: $conf, $langs and $mysoc objects
require_once("master.inc.php");
+// Security: CSRF protection
+//print 'HTTP_REFERER='.$_SERVER['HTTP_REFERER'].'
';
+//print 'DOL_MAIN_URL_ROOT='.DOL_MAIN_URL_ROOT.'
';
+if (! defined('NOCSRFCHECK') && ! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
+{
+ unset($_GET);
+ unset($_POST);
+}
+
// Check if HTTPS
if ($conf->file->main_force_https)
{
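Review bot: The relocated check at `if (! defined('NOCSRFCHECK') && ...` still passes `DOL_MAIN_URL_ROOT` to `eregi()` as an unanchored, case-insensitive pattern, so a Referer that merely contains the root URL somewhere in its path or query string is accepted as same-site, and `.` in the URL matches any character. An anchored literal comparison is stricter, e.g. `stripos($_SERVER['HTTP_REFERER'], DOL_MAIN_URL_ROOT) !== 0` as the mismatch test, ideally with a trailing `/` appended to the root so a longer hostname cannot share the prefix; this assumes `DOL_MAIN_URL_ROOT` holds the full scheme-and-host URL, which the hunk does not show. Requests with an empty Referer skip the check entirely, and `unset($_GET); unset($_POST);` leaves `$_REQUEST` populated, so this test is best treated as defence in depth alongside a per-session token rather than as the only CSRF control. Because `master.inc.php` now runs before the arrays are cleared, a comment such as `// Must run after master.inc.php, which defines DOL_MAIN_URL_ROOT` would explain the move if that is the reason for it. The two commented-out `print` debug lines should also be dropped.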