Unfiltered Request Headers

<?php 
$uri = getenv('REFERER');
$uri = filter_input(INPUT_SERVER, 'REFERER', FILTER_UNSAFE_RAW);
?>
<a href="<?php echo $uri?>">Back</a>
Watch out for Cookie injected XSS as well