web application – Hijacking of my site

I have my site xyz.mysite.com this is sitting on Cloudflare. I was reviewing my Apache logs and I saw a website as a referrer I did not recognise. I went to the site and it redirected to my site xyz.mysite.com totally bypassing Cloudflare. How can I break this link?

My .htaccess seems just not to work.

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^https://(www.)?referrer.com/ (NC)
RewriteRule .* – (F,L)

Blocks with a forbidden 403 legitimate url access and the forwarding site. If you could correct my .htaccess I would appreciate it.

Your advice will be most welcome.