Your programmer is right, the formal definition of the $_SERVER['HTTP_REFERER'] variable is the following: "The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted."
So, yes, the "HTTP_REFERER" only tracks the last URL.
However, there is a simple way around it. When users come to your website, check if they already have the cookie "first_http_referer" and if they don't have it, set the value of the cookie "first_http_referer" to $_SERVER['HTTP_REFERER'].
This way you will always have the information you want saved in user's cookie - and the information won't get overwriten as your user continues to browse around your website.
I hope I've helped you with my reply.