What happens when someone accesses via the non-www version of your site?
They get redirected to the with-www version, of course. You've posted the code yourself at least 8,000 times ;)
Genuine image requests will never come from anything but the canonical form of your sitename, representing the page that your user is actually on. If the domain name is in the wrong form, it's forged and deserves to be blocked.