Is there a true way (or at least more secure) of determining who sent the request than checking the referer header?

Question

I have been using the referer header server-side to verify an API endpoint, and after a while I thought about it and realized that it can be spoofed. This is a