Your question has been hanging around here for a while and I don't know if it is still relevant, but as I understand it, you want to make sure that calls for images, stylesheets and scripts all have a referrer from the same site as these files are located on. Is that a correct interpretation of the problem?
Intranet (i.e. you control, or can control, the browser) or Internet (you don't)?
You can also set up session handling and start a session on the referring page that you check for before serving the protected file (you can also check that both requests have the same user agent string, IP addresses in the same block etc).